{"vulnerability": "CVE-2023-52974", "sightings": [{"uuid": "ea811f72-dbe5-41ae-a854-415f49a355f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52974", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9151", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-52974\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress\n\nIf during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails,\nuserspace could be accessing the host's ipaddress attr. If we then free the\nsession via iscsi_session_teardown() while userspace is still accessing the\nsession we will hit a use after free bug.\n\nSet the tcp_sw_host->session after we have completed session creation and\ncan no longer fail.\n\ud83d\udccf Published: 2025-03-27T16:43:13.792Z\n\ud83d\udccf Modified: 2025-03-27T17:08:22.573Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/496af9d3682ed4c28fb734342a09e6cc0c056ea4\n2. https://git.kernel.org/stable/c/6abd4698f4c8a78e7bbfc421205c060c199554a0\n3. https://git.kernel.org/stable/c/d4d765f4761f9e3a2d62992f825aeee593bcb6b9\n4. https://git.kernel.org/stable/c/9758ffe1c07b86aefd7ca8e40d9a461293427ca0\n5. https://git.kernel.org/stable/c/0aaabdb900c7415caa2006ef580322f7eac5f6b6\n6. https://git.kernel.org/stable/c/61e43ebfd243bcbad11be26bd921723027b77441\n7. https://git.kernel.org/stable/c/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3", "creation_timestamp": "2025-03-27T17:26:41.000000Z"}]}