[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-52438":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":46,"related":47,"reserved_at":9,"published_at":48,"modified_at":49,"state":50,"summary":51,"references_raw":60,"kevs":96,"epss":97,"epss_history":100,"metrics":352,"affected":358},"CVE-2023-52438","In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix use-after-free in shrinker's callback\n\nThe mmap read lock is used during the shrinker's callback, which means\nthat using alloc->vma pointer isn't safe as it can race with munmap().\nAs of commit dd2283f2605e (\"mm: mmap: zap pages with read mmap_sem in\nmunmap\") the mmap lock is downgraded after the vma has been isolated.\n\nI was able to reproduce this issue by manually adding some delays and\ntriggering page reclaiming through the shrinker's debug sysfs. 
The\nfollowing KASAN report confirms the UAF:\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in zap_page_range_single+0x470/0x4b8\n  Read of size 8 at addr ffff356ed50e50f0 by task bash/478\n\n  CPU: 1 PID: 478 Comm: bash Not tainted 6.6.0-rc5-00055-g1c8b86a3799f-dirty #70\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   zap_page_range_single+0x470/0x4b8\n   binder_alloc_free_page+0x608/0xadc\n   __list_lru_walk_one+0x130/0x3b0\n   list_lru_walk_node+0xc4/0x22c\n   binder_shrink_scan+0x108/0x1dc\n   shrinker_debugfs_scan_write+0x2b4/0x500\n   full_proxy_write+0xd4/0x140\n   vfs_write+0x1ac/0x758\n   ksys_write+0xf0/0x1dc\n   __arm64_sys_write+0x6c/0x9c\n\n  Allocated by task 492:\n   kmem_cache_alloc+0x130/0x368\n   vm_area_alloc+0x2c/0x190\n   mmap_region+0x258/0x18bc\n   do_mmap+0x694/0xa60\n   vm_mmap_pgoff+0x170/0x29c\n   ksys_mmap_pgoff+0x290/0x3a0\n   __arm64_sys_mmap+0xcc/0x144\n\n  Freed by task 491:\n   kmem_cache_free+0x17c/0x3c8\n   vm_area_free_rcu_cb+0x74/0x98\n   rcu_core+0xa38/0x26d4\n   rcu_core_si+0x10/0x1c\n   __do_softirq+0x2fc/0xd24\n\n  Last potentially related work creation:\n   __call_rcu_common.constprop.0+0x6c/0xba0\n   call_rcu+0x10/0x1c\n   vm_area_free+0x18/0x24\n   remove_vma+0xe4/0x118\n   do_vmi_align_munmap.isra.0+0x718/0xb5c\n   do_vmi_munmap+0xdc/0x1fc\n   __vm_munmap+0x10c/0x278\n   __arm64_sys_munmap+0x58/0x7c\n\nFix this issue by performing instead a vma_lookup() which will fail to\nfind the vma that was isolated before the mmap lock downgrade. Note that\nthis option has better performance than upgrading to a mmap write lock\nwhich would increase contention. Plus, mmap_write_trylock() has been\nrecently removed anyway.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. 
At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44],{"_key":25},"DLA-3841-1",{"_key":27},"DEBIAN-CVE-2023-52438",{"_key":29},"UBUNTU-CVE-2023-52438",{"_key":31},"USN-6726-1",{"_key":33},"USN-6726-2",{"_key":35},"USN-6726-3",{"_key":37},"USN-6688-1",{"_key":39},"USN-6724-1",{"_key":41},"USN-6724-2",{"_key":43},"USN-6725-1",{"_key":45},"USN-6725-2",[],[],"2024-02-20T18:34:48.694Z","2026-05-11T19:27:20.140Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":53,"epss_score":54,"severity":55,"severity_score":56,"severity_version":57,"severity_source":58,"severity_vector":59,"severity_status":50},false,"low",0.00014,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[61,67,71,75,79,83,87,91],{"url":62,"sources":63,"tags":65},"https://git.kernel.org/stable/c/a53e15e592b4dcc91c3a3b8514e484a0bdbc53a3",[64,58],"cve.org",[66],"Patch",{"url":68,"sources":69,"tags":70},"https://git.kernel.org/stable/c/c8c1158ffb007197f31f9d9170cf13e4f34cbb5c",[64,58],[66],{"url":72,"sources":73,"tags":74},"https://git.kernel.org/stable/c/8ad4d580e8aff8de2a4d57c5930fcc29f1ffd4a6",[64,58],[66],{"url":76,"sources":77,"tags":78},"https://git.kernel.org/stable/c/9fa04c93f24138747807fe75b5591bb680098f56",[64,58],[66],{"url":80,"sources":81,"tags":82},"https://git.kernel.org/stable/c/a49087ab93508b60d9b8add91707a22dda832869",[64,58],[66],{"url":84,"sources":85,"tags":86},"https://git.kernel.org/stable/c/e074686e993ff1be5f21b085a3b1b4275ccd5727",[64,58],[66],{"url":88,"sources":89,"tags":90},"https://git.kernel.org/stable/c/3f489c2067c5824528212b0fc18b28d51332d906",[64,58],[66],{"url":92,"sources":93,"tags":94},"ht
tps://lists.debian.org/debian-lts-announce/2024/06/msg00016.html",[64,58],[95],"X Transferred",[],{"date":98,"score":54,"percentile":99},"2026-06-03",0.02768,[101,104,107,110,113,115,118,121,123,126,129,132,135,138,141,145,148,151,154,157,160,163,166,169,171,174,177,180,183,186,189,192,195,198,201,203,206,209,212,215,218,221,224,227,230,232,235,237,240,243,245,248,251,254,256,258,260,263,266,269,272,274,277,280,282,284,286,289,292,295,298,301,304,307,310,313,316,318,320,323,325,327,329,332,335,338,340,343,346,349],{"date":102,"score":54,"percentile":103},"2025-11-04",0.01757,{"date":105,"score":54,"percentile":106},"2025-11-05",0.01782,{"date":108,"score":54,"percentile":109},"2025-11-06",0.018,{"date":111,"score":54,"percentile":112},"2025-11-07",0.01806,{"date":114,"score":54,"percentile":112},"2025-11-08",{"date":116,"score":54,"percentile":117},"2025-11-09",0.01807,{"date":119,"score":54,"percentile":120},"2025-11-10",0.01791,{"date":122,"score":54,"percentile":109},"2025-11-11",{"date":124,"score":54,"percentile":125},"2025-11-12",0.01812,{"date":127,"score":54,"percentile":128},"2025-11-13",0.01827,{"date":130,"score":54,"percentile":131},"2025-11-14",0.0183,{"date":133,"score":54,"percentile":134},"2025-11-15",0.0185,{"date":136,"score":54,"percentile":137},"2025-11-16",0.01853,{"date":139,"score":54,"percentile":140},"2025-11-17",0.01841,{"date":142,"score":143,"percentile":144},"2025-11-18",0.00092,0.22324,{"date":146,"score":143,"percentile":147},"2025-11-19",0.22334,{"date":149,"score":143,"percentile":150},"2025-11-20",0.22341,{"date":152,"score":54,"percentile":153},"2025-11-21",0.01903,{"date":155,"score":54,"percentile":156},"2025-11-22",0.01901,{"date":158,"score":54,"percentile":159},"2025-11-23",0.01896,{"date":161,"score":54,"percentile":162},"2025-11-24",0.01884,{"date":164,"score":54,"percentile":165},"2025-11-25",0.01879,{"date":167,"score":54,"percentile":168},"2025-11-26",0.01839,{"date":170,"score":54,"percentile":168},"2025-11-27",{"date":1
72,"score":54,"percentile":173},"2025-11-28",0.01836,{"date":175,"score":54,"percentile":176},"2025-11-29",0.01883,{"date":178,"score":54,"percentile":179},"2025-11-30",0.01891,{"date":181,"score":54,"percentile":182},"2025-12-01",0.01928,{"date":184,"score":54,"percentile":185},"2025-12-02",0.01927,{"date":187,"score":54,"percentile":188},"2025-12-03",0.01936,{"date":190,"score":54,"percentile":191},"2025-12-04",0.019,{"date":193,"score":54,"percentile":194},"2025-12-05",0.01915,{"date":196,"score":54,"percentile":197},"2025-12-06",0.01919,{"date":199,"score":54,"percentile":200},"2025-12-07",0.01916,{"date":202,"score":54,"percentile":200},"2025-12-08",{"date":204,"score":54,"percentile":205},"2025-12-09",0.01933,{"date":207,"score":54,"percentile":208},"2025-12-10",0.01959,{"date":210,"score":54,"percentile":211},"2025-12-11",0.01952,{"date":213,"score":54,"percentile":214},"2025-12-12",0.01958,{"date":216,"score":54,"percentile":217},"2025-12-13",0.01941,{"date":219,"score":54,"percentile":220},"2025-12-14",0.01943,{"date":222,"score":54,"percentile":223},"2025-12-15",0.01935,{"date":225,"score":54,"percentile":226},"2025-12-16",0.0193,{"date":228,"score":54,"percentile":229},"2025-12-17",0.01945,{"date":231,"score":54,"percentile":220},"2025-12-18",{"date":233,"score":54,"percentile":234},"2025-12-19",0.01944,{"date":236,"score":54,"percentile":234},"2025-12-20",{"date":238,"score":54,"percentile":239},"2025-12-21",0.01956,{"date":241,"score":54,"percentile":242},"2025-12-22",0.01954,{"date":244,"score":54,"percentile":242},"2025-12-23",{"date":246,"score":54,"percentile":247},"2025-12-24",0.01961,{"date":249,"score":54,"percentile":250},"2025-12-25",0.01967,{"date":252,"score":54,"percentile":253},"2025-12-26",0.01969,{"date":255,"score":54,"percentile":229},"2025-12-27",{"date":257,"score":54,"percentile":250},"2025-12-28",{"date":259,"score":54,"percentile":208},"2025-12-29",{"date":261,"score":54,"percentile":262},"2025-12-30",0.01953,{"date":264,"score":54
,"percentile":265},"2025-12-31",0.0195,{"date":267,"score":54,"percentile":268},"2026-01-01",0.01977,{"date":270,"score":54,"percentile":271},"2026-01-02",0.0197,{"date":273,"score":54,"percentile":268},"2026-01-03",{"date":275,"score":54,"percentile":276},"2026-01-04",0.01938,{"date":278,"score":54,"percentile":279},"2026-01-05",0.01942,{"date":281,"score":54,"percentile":188},"2026-01-06",{"date":283,"score":54,"percentile":211},"2026-01-07",{"date":285,"score":54,"percentile":253},"2026-01-08",{"date":287,"score":54,"percentile":288},"2026-01-09",0.01988,{"date":290,"score":54,"percentile":291},"2026-01-10",0.02002,{"date":293,"score":54,"percentile":294},"2026-01-11",0.0199,{"date":296,"score":54,"percentile":297},"2026-01-12",0.01993,{"date":299,"score":54,"percentile":300},"2026-01-13",0.01984,{"date":302,"score":54,"percentile":303},"2026-01-14",0.01992,{"date":305,"score":54,"percentile":306},"2026-01-15",0.01985,{"date":308,"score":54,"percentile":309},"2026-01-16",0.01987,{"date":311,"score":54,"percentile":312},"2026-01-17",0.01989,{"date":314,"score":54,"percentile":315},"2026-01-18",0.02,{"date":317,"score":54,"percentile":294},"2026-01-19",{"date":319,"score":54,"percentile":268},"2026-01-20",{"date":321,"score":54,"percentile":322},"2026-01-21",0.01975,{"date":324,"score":54,"percentile":253},"2026-01-22",{"date":326,"score":54,"percentile":268},"2026-01-23",{"date":328,"score":54,"percentile":288},"2026-01-24",{"date":330,"score":54,"percentile":331},"2026-01-25",0.0198,{"date":333,"score":54,"percentile":334},"2026-01-26",0.01979,{"date":336,"score":54,"percentile":337},"2026-01-27",0.01974,{"date":339,"score":54,"percentile":268},"2026-01-28",{"date":341,"score":54,"percentile":342},"2026-01-29",0.01995,{"date":344,"score":54,"percentile":345},"2026-01-30",0.01996,{"date":347,"score":54,"percentile":348},"2026-01-31",0.02016,{"date":350,"score":54,"percentile":351},"2026-02-01",0.02048,[353],{"source":58,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":354,
"cvss_v4_0":9},{"baseScore":56,"baseSeverity":355,"vectorString":59,"impactScore":356,"exploitabilityScore":357},"HIGH",9.8,4.6,[359,391],{"ecosystem":9,"name":360,"vendor":361,"product":361,"cpe_part":362,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":363},"Linux","linux","a",[364,371,374,377,380,383,386,389],{"version":365,"is_range":366,"range_type":64,"version_start":367,"version_start_type":368,"version_end":369,"version_end_type":370,"fixed_in":9},">= dd2283f2605e3b3e9c61bcae844b34f2afa4813f, \u003C a53e15e592b4dcc91c3a3b8514e484a0bdbc53a3",true,"dd2283f2605e3b3e9c61bcae844b34f2afa4813f","including","a53e15e592b4dcc91c3a3b8514e484a0bdbc53a3","excluding",{"version":372,"is_range":366,"range_type":64,"version_start":367,"version_start_type":368,"version_end":373,"version_end_type":370,"fixed_in":9},">= dd2283f2605e3b3e9c61bcae844b34f2afa4813f, \u003C c8c1158ffb007197f31f9d9170cf13e4f34cbb5c","c8c1158ffb007197f31f9d9170cf13e4f34cbb5c",{"version":375,"is_range":366,"range_type":64,"version_start":367,"version_start_type":368,"version_end":376,"version_end_type":370,"fixed_in":9},">= dd2283f2605e3b3e9c61bcae844b34f2afa4813f, \u003C 8ad4d580e8aff8de2a4d57c5930fcc29f1ffd4a6","8ad4d580e8aff8de2a4d57c5930fcc29f1ffd4a6",{"version":378,"is_range":366,"range_type":64,"version_start":367,"version_start_type":368,"version_end":379,"version_end_type":370,"fixed_in":9},">= dd2283f2605e3b3e9c61bcae844b34f2afa4813f, \u003C 9fa04c93f24138747807fe75b5591bb680098f56","9fa04c93f24138747807fe75b5591bb680098f56",{"version":381,"is_range":366,"range_type":64,"version_start":367,"version_start_type":368,"version_end":382,"version_end_type":370,"fixed_in":9},">= dd2283f2605e3b3e9c61bcae844b34f2afa4813f, \u003C a49087ab93508b60d9b8add91707a22dda832869","a49087ab93508b60d9b8add91707a22dda832869",{"version":384,"is_range":366,"range_type":64,"version_start":367,"version_start_type":368,"version_end":385,"version_end_type":370,"fixed_in":9},">= 
dd2283f2605e3b3e9c61bcae844b34f2afa4813f, \u003C e074686e993ff1be5f21b085a3b1b4275ccd5727","e074686e993ff1be5f21b085a3b1b4275ccd5727",{"version":387,"is_range":366,"range_type":64,"version_start":367,"version_start_type":368,"version_end":388,"version_end_type":370,"fixed_in":9},">= dd2283f2605e3b3e9c61bcae844b34f2afa4813f, \u003C 3f489c2067c5824528212b0fc18b28d51332d906","3f489c2067c5824528212b0fc18b28d51332d906",{"version":390,"is_range":52,"range_type":64,"version_start":390,"version_start_type":368,"version_end":390,"version_end_type":368,"fixed_in":9},"4.20",{"ecosystem":9,"name":392,"vendor":361,"product":393,"cpe_part":394,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":395},"linux kernel","linux_kernel","o",[396,401,405,409,413,417],{"version":397,"is_range":366,"range_type":398,"version_start":399,"version_start_type":368,"version_end":400,"version_end_type":370,"fixed_in":9},"gte4.20.0_lt5.4.268","cpe","4.20.0","5.4.268",{"version":402,"is_range":366,"range_type":398,"version_start":403,"version_start_type":368,"version_end":404,"version_end_type":370,"fixed_in":9},"gte5.5.0_lt5.10.209","5.5.0","5.10.209",{"version":406,"is_range":366,"range_type":398,"version_start":407,"version_start_type":368,"version_end":408,"version_end_type":370,"fixed_in":9},"gte5.11.0_lt5.15.148","5.11.0","5.15.148",{"version":410,"is_range":366,"range_type":398,"version_start":411,"version_start_type":368,"version_end":412,"version_end_type":370,"fixed_in":9},"gte5.16.0_lt6.1.74","5.16.0","6.1.74",{"version":414,"is_range":366,"range_type":398,"version_start":415,"version_start_type":368,"version_end":416,"version_end_type":370,"fixed_in":9},"gte6.2.0_lt6.6.13","6.2.0","6.6.13",{"version":418,"is_range":366,"range_type":398,"version_start":419,"version_start_type":368,"version_end":420,"version_end_type":370,"fixed_in":9},"gte6.7.0_lt6.7.1","6.7.0","6.7.1"]