Vulnerability Details CVE-2023-52983
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for bfqq in bic_set_bfqq()
After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"),
bic->bfqq will be accessed in bic_set_bfqq(), however, in some context
bic->bfqq will be freed, and bic_set_bfqq() is called with the freed
bic->bfqq.
Fix the problem by always freeing bfqq after bic_set_bfqq().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.1%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2023-52983
-
cpe:2.3:o:linux:linux_kernel:5.15.86
-
cpe:2.3:o:linux:linux_kernel:5.15.87
-
cpe:2.3:o:linux:linux_kernel:5.15.88
-
cpe:2.3:o:linux:linux_kernel:5.15.89
-
cpe:2.3:o:linux:linux_kernel:5.15.90
-
cpe:2.3:o:linux:linux_kernel:5.15.91
-
cpe:2.3:o:linux:linux_kernel:5.15.92
-
cpe:2.3:o:linux:linux_kernel:6.0.16
-
cpe:2.3:o:linux:linux_kernel:6.1.10
-
cpe:2.3:o:linux:linux_kernel:6.1.2
-
cpe:2.3:o:linux:linux_kernel:6.1.3
-
cpe:2.3:o:linux:linux_kernel:6.1.4
-
cpe:2.3:o:linux:linux_kernel:6.1.5
-
cpe:2.3:o:linux:linux_kernel:6.1.6
-
cpe:2.3:o:linux:linux_kernel:6.1.7
-
cpe:2.3:o:linux:linux_kernel:6.1.8
-
cpe:2.3:o:linux:linux_kernel:6.1.9