PT-2023-9727 · Linux+7 · Linux Kernel+7
Munehisa Kamata · Published 2023-02-15 · Updated 2025-09-29
CVE-2023-52707
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.2.0-rc6
Description
The issue is related to a use-after-free vulnerability in the Linux kernel's sched/psi component. This vulnerability can be exploited when a non-root cgroup is removed while a thread is still polling on a pressure file within the cgroup. The polling waitqueue gets freed, but the polling thread still has a reference to the pressure file and will access the freed waitqueue when the file is closed or upon exit. This results in a use-after-free error.
The fundamental problem is that cgroup_file_release() is not tied to the file's real lifetime, and using wake_up_pollfree() might be less than ideal. However, it is in line with the comment at commit 42288cb44c4b ("wait: add wake_up_pollfree()"), since the waitqueue's lifetime is not tied to the file's and this can be considered another special case.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions 6.2.0-rc6 and later should be used.
At the moment, there is no information about additional mitigation measures or workarounds for this vulnerability.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE