CVE-2023-52902

MEDIUM

Linux Kernel - Use-After-Free in do_mmap() Error Path

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just_free" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all error paths.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/1442d51026c58e7c11dd5f9b19650632a48676d4

Patch

https://git.kernel.org/stable/c/7f31cced5724e6d414fe750aa1cd7e7b578ec22f

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 10.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (8)

Linux/Linux < 6.1

Linux/Linux 6.1

Linux/Linux 6.1.8 - 6.1.*

Linux/Linux 6.2

Linux/Linux 8220543df1489ef96c3d4e8b0b3b03c340e3943e - 1442d51026c58e7c11dd5f9b19650632a48676d4

Linux/Linux 8220543df1489ef96c3d4e8b0b3b03c340e3943e - 7f31cced5724e6d414fe750aa1cd7e7b578ec22f

linux/linux_kernel 6.2 rc1 (4 CPE variants)

linux/linux_kernel 6.1 - 6.1.8

Published Aug 21, 2024

Tracked Since Feb 18, 2026