CVE-2023-52801
CRITICAL EPSS 55.9%
Published May 21, 20242y ago · Modified Jun 17, 20262w ago
9.1 CVSS 3.1
Published May 21, 2024 2y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
55.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-284
Affected Products 2
References 3
- git.kernel.org https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d
- git.kernel.org https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498
- git.kernel.org https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a
Remediation
- git.kernel.org https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d
- git.kernel.org https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498
- git.kernel.org https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a