CVE-2023-52576

2024-03-0200:00:00

ubuntu.com

linux

kernel

vulnerability

cve-2023-52576

x86/mm

kexec

ima

memblock_free_late

use after free

bug

memblock_isolate_range

kasan

kfence

kernel panic

security

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: x86/mm,
kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() The code
calling ima_free_kexec_buffer() runs long after the memblock allocator has
already been torn down, potentially resulting in a use after free in
memblock_isolate_range(). With KASAN or KFENCE, this use after free will
result in a BUG from the idle task, and a subsequent kernel panic. Switch
ima_free_kexec_buffer() over to memblock_free_late() to avoid that bug.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN