Linux · Linux Kernel · CVE-2023-52895
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is related to a race condition in the io uring/poll component of the Linux kernel, specifically with multishot requests. A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests. For a multishot request, it's safe to ignore a spurious wakeup, as the waitqueue is never left. A blunt reissue of a multishot armed request can cause a buffer leak if ring-provided buffers are used. It's not defined behavior to reissue a multishot request directly, and it's less efficient and not required to rearm anything like it is for singleshot poll requests. The vulnerability can be exploited to cause a denial of service.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.