CVE Vulnerability Details: CVE-2023-52983
Status: PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 27 Mar, 2025 | 16:43
Updated At: 04 May, 2025 | 12:50
▼CVE Numbering Authority (CNA)
block, bfq: fix uaf for bfqq in bic_set_bfqq()

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: fix uaf for bfqq in bic_set_bfqq()

After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"), bic->bfqq will be accessed in bic_set_bfqq(), however, in some context bic->bfqq will be freed, and bic_set_bfqq() is called with the freed bic->bfqq.

Fix the problem by always freeing bfqq after bic_set_bfqq().

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • block/bfq-cgroup.c
  • block/bfq-iosched.c
Default Status
unaffected
Versions
Affected
  • From 5533742c7cb1bc9b1f0bf401cc397d44a3a9e07a before 7f77f3dab5066a7c9da73d72d1eee895ff84a8d5 (git)
  • From 094f3d9314d67691cb21ba091c1b528f6e3c4893 before 511c922c5bf6c8a166bea826e702336bc2424140 (git)
  • From 761564d93c8265f65543acf0a576b32d66bfa26a before cb1876fc33af26d00efdd473311f1b664c77c44e (git)
  • From 64dc8c732f5c2b406cc752e6aaa1bd5471159cab before b600de2d7d3a16f9007fad1bdae82a3951a26af2 (git)
  • b22fd72bfebda3956efc4431b60ddfc0a51e03e0 (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • block/bfq-cgroup.c
  • block/bfq-iosched.c
Default Status
unaffected
Versions
Affected
  • From 5.15.86 before 5.15.93 (semver)
  • From 6.1.2 before 6.1.11 (semver)
References
  • https://git.kernel.org/stable/c/7f77f3dab5066a7c9da73d72d1eee895ff84a8d5
  • https://git.kernel.org/stable/c/511c922c5bf6c8a166bea826e702336bc2424140
  • https://git.kernel.org/stable/c/cb1876fc33af26d00efdd473311f1b664c77c44e
  • https://git.kernel.org/stable/c/b600de2d7d3a16f9007fad1bdae82a3951a26af2
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Problem Types
  • CWE-416: Use After Free
Metrics
  • CVSS version 3.1, base score 7.8, base severity HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H