CVE-2023-52930

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit_17 double-free A userspace with multiple threads racing I915_GEM_SET_TILING to set the tiling to I915_TILING_NONE could trigger a double free of the bit_17 bitmask. (Or conversely leak memory on the transition to tiled.) Move allocation/free'ing of the bitmask within the section protected by the obj lock. [tursulin: Correct fixes tag and added cc stable.] (cherry picked from commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0769f997a7b6d5cb8336db0b4ec3d2d311b8097c	Patch
https://git.kernel.org/stable/c/7057a8f126f14f14b040faecfa220fd27c6c2f85	Patch
https://git.kernel.org/stable/c/b591abac78e25269b12e3d7170c99463f8c5cb02	Patch
https://git.kernel.org/stable/c/e3ebc3e23bd9028a8a9a26cbc5985f99be445f65	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc6::::::

History

15 Apr 2025, 16:01

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0769f997a7b6d5cb8336db0b4ec3d2d311b8097c -~~	() https://git.kernel.org/stable/c/0769f997a7b6d5cb8336db0b4ec3d2d311b8097c - Patch
References	~~() https://git.kernel.org/stable/c/7057a8f126f14f14b040faecfa220fd27c6c2f85 -~~	() https://git.kernel.org/stable/c/7057a8f126f14f14b040faecfa220fd27c6c2f85 - Patch
References	~~() https://git.kernel.org/stable/c/b591abac78e25269b12e3d7170c99463f8c5cb02 -~~	() https://git.kernel.org/stable/c/b591abac78e25269b12e3d7170c99463f8c5cb02 - Patch
References	~~() https://git.kernel.org/stable/c/e3ebc3e23bd9028a8a9a26cbc5985f99be445f65 -~~	() https://git.kernel.org/stable/c/e3ebc3e23bd9028a8a9a26cbc5985f99be445f65 - Patch
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-415
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc6::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915: Se corrige la posible doble liberación de bit_17. Un espacio de usuario con varios subprocesos que compiten con I915_GEM_SET_TILING para establecer el mosaico en I915_TILING_NONE podría provocar una doble liberación de la máscara de bits bit_17. (O, por el contrario, una fuga de memoria al cambiar a mosaico). Se ha trasladado la asignación/liberación de la máscara de bits dentro de la sección protegida por el bloqueo obj. [tursulin: Se corrige la etiqueta de correcciones y se ha añadido la versión estable de cc.] (Seleccionado del commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)

27 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 17:15

Updated : 2025-10-01 20:17

NVD link : CVE-2023-52930

Mitre link : CVE-2023-52930

CVE.ORG link : CVE-2023-52930

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-415

Double Free

7.8 /10