Linux Kernel I/O Operation Buffer Handling Vulnerability
CVE-2023-52926

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 24 February 2025

Summary

A buffer handling issue has been discovered in the Linux kernel's I/O operations. During I/O reads, the IORING_OP_READ command does not correctly manage the provided buffer list if the read returns a negative value (other than -EAGAIN or -EIOCBQUEUED). This can lead to a use-after-free if completion runs in a separate context, putting system integrity and stability at risk. Users of affected Linux kernel versions should apply the latest patches to mitigate this vulnerability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 72060434a14caea20925e492310d6e680e3f9007

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6c27fc6a783c8a77c756dd5461b15e465020d075

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
