PT-2023-8792 · Linux +4 · Linux Kernel +4
Rafael Aquini
Published: 2023-09-11
Updated: 2025-09-29
CVE-2023-52562
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.5.0
Description
The issue is related to the corruption of the slab_caches list after kmem_cache_destroy() is called. If a module that created a slab cache does not release all of its allocated objects before destroying the cache, it may lead to the release of the kmem_cache object without removing it from the slab_caches list, thus corrupting the list. This can be observed on a kernel built with CONFIG_DEBUG_LIST=y, where the system will immediately trip on list_add or list_del assertions as soon as another kmem_cache gets created or destroyed. The vulnerability can also be triggered by setting slub_debug to poison the released objects and running cat /proc/slabinfo after removing the module that leaks slab objects, resulting in a kernel panic.
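The failure mode described above, as an added user-space model (not kernel code and not the upstream patch): a cache that still has live objects is released while linked, and a back-pointer check of the kind CONFIG_DEBUG_LIST performs detects the damage. All function and struct names, and the "checked" destroy path that keeps a busy cache alive, are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model constructed for this example; struct cache stands in
 * for struct kmem_cache (list linkage plus a count of leaked objects). */
struct list_head { struct list_head *next, *prev; };
struct cache { struct list_head list; int live_objects; };
static struct list_head slab_caches = { &slab_caches, &slab_caches };

static void list_add(struct list_head *n, struct list_head *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}
/* Fails, leaving the cache linked, while objects are still allocated. */
static int shutdown_model(struct cache *c) {
    if (c->live_objects > 0) return -1;
    c->list.prev->next = c->list.next;
    c->list.next->prev = c->list.prev;
    return 0;
}
/* Models freed, poisoned memory without a real use-after-free. */
static void release_model(struct cache *c) { c->list.next = c->list.prev = NULL; }
/* Flawed path from the description: the shutdown failure is ignored. */
static void destroy_flawed(struct cache *c) { (void)shutdown_model(c); release_model(c); }
/* Checked path (assumption of this example): a busy cache is kept alive. */
static int destroy_checked(struct cache *c) {
    if (shutdown_model(c) != 0) return -1;
    release_model(c); return 0;
}
/* Invariant of the kind CONFIG_DEBUG_LIST asserts: next->prev points back. */
static bool list_consistent(const struct list_head *head) {
    const struct list_head *p = head;
    for (int i = 0; i < 64; i++, p = p->next) {
        if (!p->next || p->next->prev != p) return false;
        if (p->next == head) return true;
    }
    return false;
}

/* Builds a two-entry list, destroys one cache, reports list health. */
static bool list_ok_after_destroy(bool checked, int leaked) {
    static struct cache leaky, other;
    slab_caches.next = slab_caches.prev = &slab_caches;
    leaky.live_objects = leaked; other.live_objects = 0;
    list_add(&other.list, &slab_caches);
    list_add(&leaky.list, &slab_caches);
    if (checked) destroy_checked(&leaky); else destroy_flawed(&leaky);
    return list_consistent(&slab_caches);
}
int main(void) {
    printf("flawed: %d checked: %d\n", list_ok_after_destroy(false, 3), list_ok_after_destroy(true, 3));
    return 0;
}
```

With no leaked objects both paths leave the list intact; only the combination of leaked objects and an ignored shutdown failure breaks the invariant.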
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the slab_caches list corruption after kmem_cache_destroy(). As a temporary workaround, consider disabling the kmem_cache_destroy() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the slab_caches list in the affected API endpoint until the issue is resolved.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS