CVE-2023-52926

HIGH

Linux Kernel 5.1-6.1.121, 6.1.122-6.1., 6.6.68-6.6., >=6.7 - Use-After-Free in IORING_OP_READ Buffer Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free when the completion via io_rw_done runs at separate context.

References (4)

Core 4

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Patch

https://git.kernel.org/stable/c/72060434a14caea20925e492310d6e680e3f9007

Patch

https://git.kernel.org/stable/c/6c27fc6a783c8a77c756dd5461b15e465020d075

Patch

https://git.kernel.org/stable/c/a08d195b586a217d76b42062f88f375a3eedda4d

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 12.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (9)

Linux/Linux < 5.1

Linux/Linux 2b188cc1bb857a9d4701ae59aa7768b5124e262e - 6c27fc6a783c8a77c756dd5461b15e465020d075

Linux/Linux 2b188cc1bb857a9d4701ae59aa7768b5124e262e - 72060434a14caea20925e492310d6e680e3f9007

Linux/Linux 2b188cc1bb857a9d4701ae59aa7768b5124e262e - a08d195b586a217d76b42062f88f375a3eedda4d

Linux/Linux 5.1

Linux/Linux 6.1.122 - 6.1.*

Linux/Linux 6.6.68 - 6.6.*

Linux/Linux 6.7

linux/linux_kernel 5.1 - 6.1.122

Published Feb 24, 2025

Tracked Since Feb 18, 2026

CVE-2023-52926

Linux Kernel 5.1-6.1.121, 6.1.122-6.1.*, 6.6.68-6.6.*, >=6.7 - Use-After-Free in IORING_OP_READ Buffer Handling

Description

References (4)

Scores

CISA SSVC

Details

Linux Kernel 5.1-6.1.121, 6.1.122-6.1., 6.6.68-6.6., >=6.7 - Use-After-Free in IORING_OP_READ Buffer Handling