PT-2024-14753 · Linux+2 · Linux Kernel+2

Alexandre Ghiti

Published

2023-11-09

Updated

2026-03-13

CVE-2023-52797

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.6.0-rc6ubuntu-defconfig #2

Description The issue arises from the failure to check the return value of find first bit() before using it as an index array, leading to an array overflow and subsequent panic. This occurs in the pmu sbi ovf handler() function. The vulnerability causes a kernel panic due to a fatal exception in interrupt handling.

Recommendations To resolve this issue, ensure that the return value of find first bit() is properly checked before using it as an index array to prevent overflow and panic. As a temporary workaround, consider disabling the pmu sbi ovf handler() function until a patch is available. Update to a newer version of the Linux kernel that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

BDU:2025-15392

CVE-2023-52797

ECHO-902D-3A16-FD64

Affected Products

Astra Linux

Debian

Linux Kernel

PT-2024-14753 · Linux+2 · Linux Kernel+2

CVE-2023-52797

Weakness Enumeration

Related Identifiers

Affected Products

References · 20