PT-2024-14783 · Linux+3 · Linux Kernel+3
Tao Lyu · Published 2023-12-05 · Updated 2026-05-17 · CVE-2023-52920
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue concerns a flaw in the Linux kernel's BPF verifier, specifically in precision tracking for register spill/fill to/from the stack through registers other than r10. The change records the instructions that performed a register spill/fill to/from the stack, regardless of the register used, potentially with an adjusted offset. The fix removes a practical limitation of the precision backtracking logic in the BPF verifier, addressing known deficiencies and opening up opportunities to reduce the number of verified states. In the selftests' BPF object files there are only three differences, all in the positive direction, meaning fewer states.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Linux Kernel
Suse