CVE-2023-52576

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52576
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52576.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52576
Downstream
Related
Published
2024-03-02T21:59:44Z
Modified
2025-10-21T14:17:12.980282Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mm, kexec, ima: Use memblockfreelate() from imafreekexec_buffer()

The code calling imafreekexecbuffer() runs long after the memblock allocator has already been torn down, potentially resulting in a use after free in memblockisolate_range().

With KASAN or KFENCE, this use after free will result in a BUG from the idle task, and a subsequent kernel panic.

Switch imafreekexecbuffer() over to memblockfree_late() to avoid that bug.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fee3ff99bc67604fba77f19da0106f3ec52b1956
Fixed
eef16bfdb212da60f5144689f2967fb25b051a2b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fee3ff99bc67604fba77f19da0106f3ec52b1956
Fixed
d2dfbc0e3b7a04c2d941421a958dc31c897fb204
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fee3ff99bc67604fba77f19da0106f3ec52b1956
Fixed
34cf99c250d5cd2530b93a57b0de31d3aaf8685b

Affected versions

v5.*

v5.12
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.6-rc1
v6.6-rc2

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "arch/x86/kernel/setup.c"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "155335482232278566337047260392833148889",
                "55960184061738150841267739157987171102",
                "280355060352725358779084664451824000774",
                "250688302593431629137374598275236278821",
                "320453745305988389071805635994694963132",
                "134878664857284971741368834163034726718",
                "91296708316647876401211073583354265117",
                "107605613525111583308685450329854986851",
                "51191748248103771089573139541228979441",
                "281347696618412622498777444041884851433"
            ]
        },
        "deprecated": false,
        "id": "CVE-2023-52576-11fdf1c3",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eef16bfdb212da60f5144689f2967fb25b051a2b"
    },
    {
        "target": {
            "function": "ima_free_kexec_buffer",
            "file": "arch/x86/kernel/setup.c"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "314443974195979675713391766300887668354",
            "length": 247.0
        },
        "deprecated": false,
        "id": "CVE-2023-52576-35384435",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eef16bfdb212da60f5144689f2967fb25b051a2b"
    },
    {
        "target": {
            "function": "ima_free_kexec_buffer",
            "file": "arch/x86/kernel/setup.c"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "314443974195979675713391766300887668354",
            "length": 247.0
        },
        "deprecated": false,
        "id": "CVE-2023-52576-768d4a56",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@34cf99c250d5cd2530b93a57b0de31d3aaf8685b"
    },
    {
        "target": {
            "file": "arch/x86/kernel/setup.c"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "155335482232278566337047260392833148889",
                "55960184061738150841267739157987171102",
                "280355060352725358779084664451824000774",
                "250688302593431629137374598275236278821",
                "320453745305988389071805635994694963132",
                "134878664857284971741368834163034726718",
                "91296708316647876401211073583354265117",
                "107605613525111583308685450329854986851",
                "51191748248103771089573139541228979441",
                "281347696618412622498777444041884851433"
            ]
        },
        "deprecated": false,
        "id": "CVE-2023-52576-7efa2d86",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d2dfbc0e3b7a04c2d941421a958dc31c897fb204"
    },
    {
        "target": {
            "function": "ima_free_kexec_buffer",
            "file": "arch/x86/kernel/setup.c"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "314443974195979675713391766300887668354",
            "length": 247.0
        },
        "deprecated": false,
        "id": "CVE-2023-52576-da6e5b24",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d2dfbc0e3b7a04c2d941421a958dc31c897fb204"
    },
    {
        "target": {
            "file": "arch/x86/kernel/setup.c"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "155335482232278566337047260392833148889",
                "55960184061738150841267739157987171102",
                "280355060352725358779084664451824000774",
                "250688302593431629137374598275236278821",
                "320453745305988389071805635994694963132",
                "134878664857284971741368834163034726718",
                "91296708316647876401211073583354265117",
                "107605613525111583308685450329854986851",
                "51191748248103771089573139541228979441",
                "281347696618412622498777444041884851433"
            ]
        },
        "deprecated": false,
        "id": "CVE-2023-52576-f17bf513",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@34cf99c250d5cd2530b93a57b0de31d3aaf8685b"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
6.1.56
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.5.6