CVE-2023-52731

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the dirty pages still remain queued in the pageref list, and eventually later those may be processed in the delayed work. This may lead to a corruption of pages, hitting an Oops. This patch makes sure to cancel the delayed work and clean up the pageref list at closing the device for addressing the bug. A part of the cleanup code is factored out as a new helper function that is called from the common fb_release().

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20	Patch
https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9	Patch
https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149	Patch
https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20	Patch
https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9	Patch
https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc8::::::

History

No history.

Information

Published : 2024-05-21 16:15

Updated : 2025-09-23 19:00

NVD link : CVE-2023-52731

Mitre link : CVE-2023-52731

CVE.ORG link : CVE-2023-52731

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-52731", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T16:15:13.237", "references": [{"url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix invalid page access after closing deferred I/O devices\n\nWhen a fbdev with deferred I/O is once opened and closed, the dirty\npages still remain queued in the pageref list, and eventually later\nthose may be processed in the delayed work. This may lead to a\ncorruption of pages, hitting an Oops.\n\nThis patch makes sure to cancel the delayed work and clean up the\npageref list at closing the device for addressing the bug. A part of\nthe cleanup code is factored out as a new helper function that is\ncalled from the common fb_release()."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: corrige el acceso a p\u00e1ginas no v\u00e1lidas despu\u00e9s de cerrar dispositivos de E/S diferidas. Cuando un fbdev con E/S diferidas se abre y cierra una vez, las p\u00e1ginas sucias a\u00fan permanecen en cola en la lista pageref. y, eventualmente, m\u00e1s adelante, podr\u00e1n procesarse en el trabajo retrasado. Esto puede provocar la corrupci\u00f3n de las p\u00e1ginas y provocar un error. Este parche garantiza cancelar el trabajo retrasado y limpiar la lista de referencias de p\u00e1gina al cerrar el dispositivo para solucionar el error. Una parte del c\u00f3digo de limpieza se factoriza como una nueva funci\u00f3n auxiliar que se llama desde el fb_release() com\u00fan."}], "lastModified": "2025-09-23T19:00:21.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75E5BD8-C55B-43BA-8730-33C8DCB1DF91", "versionEndExcluding": "6.1.13", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64BDD9D-C663-4E75-AE06-356EDC392B82"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26544390-88E4-41CA-98BF-7BB1E9D4E243"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}