PT-2023-9733 · Linux+3 · Linux Kernel+3

David Chen

Published

2023-02-12

Updated

2024-11-25

CVE-2023-52739

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.158-1.nutanix.20221209.el7.x86 64

Description The issue is related to a racy check in the free pages function of the Linux kernel, which can cause page corruption. This corruption can lead to crashes and other issues. The problem arises from the check PageHead being racy because at this point, the reference to the page has already been dropped. As a result, even if a compound page is used, the page can already be freed, and PageHead can return false, causing the freeing of all tail pages and resulting in a double free.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2024-10373

CVE-2023-52739

OESA-2024-1737

OESA-2024-1767

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2023-9733 · Linux+3 · Linux Kernel+3

CVE-2023-52739

Weakness Enumeration

Related Identifiers

Affected Products

References · 2313