CVE-2023-52801

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52801
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52801.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52801
Downstream
Related
Published
2024-05-21T15:31:13Z
Modified
2025-10-15T04:22:01.601276Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
iommufd: Fix missing update of domains_itree after splitting iopt_area
Details

In the Linux kernel, the following vulnerability has been resolved:

iommufd: Fix missing update of domainsitree after splitting ioptarea

In ioptareasplit(), if the original ioptarea has filled a domain and is linked to domainsitree, pagesnodes have to be properly reinserted. Otherwise the domainsitree becomes corrupted and we will UAF.

References

Affected packages

Linux

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.5.13
Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.3

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
51fe6141f0f6
Fixed
836db2e7e456

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
51fe6141f0f6
Fixed
fcb32111f01d

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
51fe6141f0f6
Fixed
e7250ab7ca49

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
6..2

Git

git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
51fe6141f0f64ae0bbc096a41a07572273e8c0ef
Fixed
836db2e7e4565d8218923b3552304a1637e2f28d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
51fe6141f0f64ae0bbc096a41a07572273e8c0ef
Fixed
fcb32111f01ddf3cbd04644cde1773428e31de6a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
51fe6141f0f64ae0bbc096a41a07572273e8c0ef
Fixed
e7250ab7ca4998fe026f2149805b03e09dc32498

Affected versions

v6.*

v6.1
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.10
v6.5.11
v6.5.12
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.7
v6.5.8
v6.5.9
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.2

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-52801-27821468",
            "signature_type": "Function",
            "target": {
                "file": "drivers/iommu/iommufd/io_pagetable.c",
                "function": "iopt_area_split"
            },
            "signature_version": "v1",
            "digest": {
                "length": 1766.0,
                "function_hash": "117399328622320694808815290011580524681"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fcb32111f01ddf3cbd04644cde1773428e31de6a"
        },
        {
            "id": "CVE-2023-52801-7e3797a4",
            "signature_type": "Line",
            "target": {
                "file": "drivers/iommu/iommufd/io_pagetable.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "159053829131172892219887914087605477312",
                    "208419378661588398480359131438047768795",
                    "65978723469241420189220006589546250840"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@836db2e7e4565d8218923b3552304a1637e2f28d"
        },
        {
            "id": "CVE-2023-52801-7f1b22a5",
            "signature_type": "Function",
            "target": {
                "file": "drivers/iommu/iommufd/io_pagetable.c",
                "function": "iopt_area_split"
            },
            "signature_version": "v1",
            "digest": {
                "length": 1846.0,
                "function_hash": "36286984632937619884566745855128326976"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7250ab7ca4998fe026f2149805b03e09dc32498"
        },
        {
            "id": "CVE-2023-52801-914c626a",
            "signature_type": "Line",
            "target": {
                "file": "drivers/iommu/iommufd/io_pagetable.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "159053829131172892219887914087605477312",
                    "208419378661588398480359131438047768795",
                    "65978723469241420189220006589546250840"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fcb32111f01ddf3cbd04644cde1773428e31de6a"
        },
        {
            "id": "CVE-2023-52801-996f2e70",
            "signature_type": "Line",
            "target": {
                "file": "drivers/iommu/iommufd/io_pagetable.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "159053829131172892219887914087605477312",
                    "208419378661588398480359131438047768795",
                    "65978723469241420189220006589546250840"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7250ab7ca4998fe026f2149805b03e09dc32498"
        },
        {
            "id": "CVE-2023-52801-f0c1a138",
            "signature_type": "Function",
            "target": {
                "file": "drivers/iommu/iommufd/io_pagetable.c",
                "function": "iopt_area_split"
            },
            "signature_version": "v1",
            "digest": {
                "length": 1766.0,
                "function_hash": "117399328622320694808815290011580524681"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@836db2e7e4565d8218923b3552304a1637e2f28d"
        }
    ]
}