CVE-2023-52801

CRITICAL EPSS 55.9%
Published May 21, 20242y ago · Modified Jun 17, 20262w ago
9.1 CVSS 3.1
Critical
Find Similar
Published May 21, 2024 2y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.

CVSS Details

Base Score
9.1
Exploitability
3.9
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
55.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-284

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.2  –  <6.5.13
linuxlinux_kernel*≥6.6  –  <6.6.3

References 3

  • git.kernel.org https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a
    Patch