CVE-2023-52447: Use After Free in Linux

CWE-416 Use After Free | 46 documents | 8 sources
Severity
6.7 MEDIUM (NVD)
OSV 7.5 | OSV 7.0 | OSV 6.5 | OSV 5.5
EPSS
0.0%
top 98.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 22
Latest update: Jul 26

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Defer the free of inner map when necessary

When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put(), if the ref-counter is the last one (which is true for most cases), the inner map will be freed by ops->map_free() in a kworker. But for

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (11 packages)

NVD | linux/linux_kernel | 5.9.0 | 5.10.214 | +4
Debian | linux/linux_kernel | < 5.10.216-1 | +3
Ubuntu | linux/linux_kernel | < 5.15.0-112.122
CVEListV5 | linux/linux | bba1dc0b55ac462d24ed1228ad49800c238cd6d7 | 90c445799fd1dc214d7c6279c144e33a35e29ef2 | +6
debian | debian/linux | < linux 6.1.76-1 (bookworm)

Patches

Vulnerability Details (22)

OSV: linux-raspi vulnerabilities (2024-07-26)
OSV: linux-ibm-5.15 vulnerabilities (2024-07-10)
OSV: linux-hwe-5.15 vulnerabilities (2024-07-04)
OSV: linux-oracle-6.5 vulnerabilities (2024-06-26)
OSV: linux-hwe-6.5 vulnerabilities (2024-06-18)

Vendor Advisories (22)

Ubuntu: Linux kernel vulnerabilities (2024-07-26)
Ubuntu: Linux kernel (IBM) vulnerabilities (2024-07-10)
Ubuntu: Linux kernel (HWE) vulnerabilities (2024-07-04)
Ubuntu: Linux kernel (Oracle) vulnerabilities (2024-06-26)
Ubuntu: Linux kernel (HWE) vulnerabilities (2024-06-18)

Community (1)

Bugzilla: CVE-2023-52447 kernel: bpf: Defer the free of inner map when necessary (2024-02-23)
CVE-2023-52447 — Use After Free in Linux | cvebase