CVE-2023-52935

EPSS 0.02%
Veröffentlicht 27.03.2025 16:37:15
Zuletzt bearbeitet 25.11.2025 17:28:44
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

mm/khugepaged: fix ->anon_vma race

If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires
it to be locked.

Page table traversal is allowed under any one of the mmap lock, the
anon_vma lock (if the VMA is associated with an anon_vma), and the
mapping lock (if the VMA is associated with a mapping); and so to be
able to remove page tables, we must hold all three of them. 
retract_page_tables() bails out if an ->anon_vma is attached, but does
this check before holding the mmap lock (as the comment above the check
explains).

If we racily merged an existing ->anon_vma (shared with a child
process) from a neighboring VMA, subsequent rmap traversals on pages
belonging to the child will be able to see the page tables that we are
concurrently removing while assuming that nothing else can access them.

Repeat the ->anon_vma check once we hold the mmap lock to ensure that
there really is no concurrent page table access.

Hitting this bug causes a lockdep warning in collapse_and_free_pmd(),
in the line "lockdep_assert_held_write(&vma->anon_vma->root->rwsem)". 
It can also lead to use-after-free access.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version11.0

Linux ≫ Linux Kernel Version >= 4.8 < 5.4.299

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.243

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.192

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.11

Linux ≫ Linux Kernel Version6.2 Updaterc1

Linux ≫ Linux Kernel Version6.2 Updaterc2

Linux ≫ Linux Kernel Version6.2 Updaterc3

Linux ≫ Linux Kernel Version6.2 Updaterc4

Linux ≫ Linux Kernel Version6.2 Updaterc5

Linux ≫ Linux Kernel Version6.2 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/acb08187b5a83cdb9ac4112fae9e18cf983b0128

Patch

https://git.kernel.org/stable/c/023f47a8250c6bdb4aebe744db4bf7f73414028b

Patch

https://git.kernel.org/stable/c/352fbf61ce776fef18dca6a68680a6cd943dac95

Patch

https://git.kernel.org/stable/c/abdf3c33918185c3e8ffeb09ed3e334b3d7df47c

Patch

https://git.kernel.org/stable/c/cee956ab1efbd858b4ca61c8b474af5aa24b29a6

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-52935

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52935

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52935

EUVD