[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-52489":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":58,"duplicate_of":9,"upstream":59,"downstream":60,"duplicates":133,"related":134,"reserved_at":9,"published_at":154,"modified_at":155,"state":156,"summary":157,"references_raw":165,"kevs":193,"epss":194,"epss_history":197,"metrics":414,"affected":420},"CVE-2023-52489","In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section->usage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN's are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL].  Since normal zone start and end\npfn contains the device memory PFN's as well, the compaction triggered\nwill try on the device memory PFN's too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections).  When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled.  The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n   ......\n (a)pfn_valid():\n     valid_section()//return true\n\t\t\t      (b)__remove_pages()->\n\t\t\t\t  sparse_remove_section()->\n\t\t\t\t    section_deactivate():\n\t\t\t\t    [Free the array ms->usage and set\n\t\t\t\t     ms->usage = NULL]\n     pfn_section_valid()\n     [Access ms->usage which\n     is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms->usage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the ->usage.\n\nb) RCU protected read side critical section will either return NULL\n   when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.\n\nc) Free the ->usage with kfree_rcu() and set ms->usage = NULL.  No\n   attempt will be made to access ->usage after this as the\n   SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN's as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log.  Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms->usage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[  540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[  540.578068] Mem abort info:\n[  540.578070]   ESR = 0x0000000096000005\n[  540.578073]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  540.578077]   SET = 0, FnV = 0\n[  540.578080]   EA = 0, S1PTW = 0\n[  540.578082]   FSC = 0x05: level 1 translation fault\n[  540.578085] Data abort info:\n[  540.578086]   ISV = 0, ISS = 0x00000005\n[  540.578088]   CM = 0, WnR = 0\n[  540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[  540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[  540.579454] lr : compact_zone+0x994/0x1058\n[  540.579460] sp : ffffffc03579b510\n[  540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[  540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[  540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[  540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[  540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[  540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[  540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[  540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[  540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[29,38,42,46,50,54],{"_key":30,"name":31,"source":32,"url":33,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":37,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_42AF7DCF1E9164ED","Exploit Reference (git.kernel.org)","reference","https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea","unknown",0.2,false,[],{"_key":39,"name":31,"source":32,"url":40,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":41,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_210E621638BF7406","https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529",[],{"_key":43,"name":31,"source":32,"url":44,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_B5111B7546667187","https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a",[],{"_key":47,"name":31,"source":32,"url":48,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_496DED524B744CE5","https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97",[],{"_key":51,"name":31,"source":32,"url":52,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_8997404A45888B86","https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7",[],{"_key":55,"name":31,"source":32,"url":56,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":57,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_2524C80666CBFDBD","https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800",[],[],[],[61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131],{"_key":62},"SUSE-SU-2024:3227-1",{"_key":64},"SUSE-SU-2024:3408-1",{"_key":66},"SUSE-SU-2025:0289-1",{"_key":68},"SUSE-SU-2024:3190-1",{"_key":70},"SUSE-SU-2024:3194-1",{"_key":72},"SUSE-SU-2024:3195-1",{"_key":74},"SUSE-SU-2024:3209-1",{"_key":76},"SUSE-SU-2024:3383-1",{"_key":78},"SUSE-SU-2024:3483-1",{"_key":80},"SUSE-SU-2025:0428-1",{"_key":82},"SUSE-SU-2025:0499-1",{"_key":84},"DLA-3842-1",{"_key":86},"DSA-5681-1",{"_key":88},"SUSE-SU-2025:20044-1",{"_key":90},"SUSE-SU-2025:20047-1",{"_key":92},"DEBIAN-CVE-2023-52489",{"_key":94},"RHSA-2024:10262",{"_key":96},"RHSA-2024:2950",{"_key":98},"RHSA-2024:6990",{"_key":100},"RHSA-2024:6991",{"_key":102},"RHSA-2024:8613",{"_key":104},"RHSA-2024:8614",{"_key":106},"RHSA-2024:2394",{"_key":108},"RHSA-2024:3138",{"_key":110},"UBUNTU-CVE-2023-52489",{"_key":112},"USN-6766-1",{"_key":114},"USN-6766-2",{"_key":116},"USN-6766-3",{"_key":118},"USN-6795-1",{"_key":120},"USN-6818-1",{"_key":122},"USN-6818-3",{"_key":124},"USN-6818-4",{"_key":126},"USN-6819-1",{"_key":128},"USN-6819-3",{"_key":130},"USN-6819-4",{"_key":132},"USN-6828-1",[],[135,136,137,138,140,142,144,145,146,147,148,149,150,151,152,153],{"_key":62},{"_key":64},{"_key":66},{"_key":139},"USN-6765-1",{"_key":141},"USN-6818-2",{"_key":143},"USN-6819-2",{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":88},{"_key":90},"2024-02-29T15:52:08.718Z","2026-05-11T19:28:19.292Z","Analyzed",{"cisa_kev":36,"cisa_ransomware":36,"cisa_vendor":9,"epss_severity":158,"epss_score":159,"severity":160,"severity_score":161,"severity_version":162,"severity_source":163,"severity_vector":164,"severity_status":156},"low",0.00006,"medium",4.7,"v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",[166,173,176,179,182,185,188],{"url":33,"sources":167,"tags":169},[168,163],"cve.org",[170,171,172],"Exploit","Mailing List","Patch",{"url":40,"sources":174,"tags":175},[168,163],[170,171,172],{"url":44,"sources":177,"tags":178},[168,163],[170,171,172],{"url":48,"sources":180,"tags":181},[168,163],[170,171,172],{"url":52,"sources":183,"tags":184},[168,163],[170,171,172],{"url":56,"sources":186,"tags":187},[168,163],[170,171,172],{"url":189,"sources":190,"tags":191},"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",[168,163],[192,171],"X Transferred",[],{"date":195,"score":159,"percentile":196},"2026-06-03",0.00436,[198,201,203,206,208,211,214,216,219,222,225,227,229,231,233,237,240,243,246,248,250,252,254,256,259,262,264,266,268,270,272,275,278,280,282,285,288,290,293,296,299,302,304,306,309,311,313,315,318,320,323,326,328,330,332,335,337,340,343,345,347,349,351,353,355,357,359,361,363,365,368,371,374,376,378,380,382,384,386,388,390,392,394,396,398,401,403,406,409,411],{"date":199,"score":159,"percentile":200},"2025-11-04",0.00296,{"date":202,"score":159,"percentile":200},"2025-11-05",{"date":204,"score":159,"percentile":205},"2025-11-06",0.00298,{"date":207,"score":159,"percentile":200},"2025-11-07",{"date":209,"score":159,"percentile":210},"2025-11-08",0.00295,{"date":212,"score":159,"percentile":213},"2025-11-09",0.00294,{"date":215,"score":159,"percentile":213},"2025-11-10",{"date":217,"score":159,"percentile":218},"2025-11-11",0.00291,{"date":220,"score":159,"percentile":221},"2025-11-12",0.00288,{"date":223,"score":159,"percentile":224},"2025-11-13",0.00289,{"date":226,"score":159,"percentile":221},"2025-11-14",{"date":228,"score":159,"percentile":221},"2025-11-15",{"date":230,"score":159,"percentile":221},"2025-11-16",{"date":232,"score":159,"percentile":221},"2025-11-17",{"date":234,"score":235,"percentile":236},"2025-11-18",0.0007,0.17343,{"date":238,"score":235,"percentile":239},"2025-11-19",0.17362,{"date":241,"score":235,"percentile":242},"2025-11-20",0.17338,{"date":244,"score":159,"percentile":245},"2025-11-21",0.00293,{"date":247,"score":159,"percentile":245},"2025-11-22",{"date":249,"score":159,"percentile":245},"2025-11-23",{"date":251,"score":159,"percentile":245},"2025-11-24",{"date":253,"score":159,"percentile":245},"2025-11-25",{"date":255,"score":159,"percentile":245},"2025-11-26",{"date":257,"score":159,"percentile":258},"2025-11-27",0.00292,{"date":260,"score":159,"percentile":261},"2025-11-28",0.00297,{"date":263,"score":159,"percentile":261},"2025-11-29",{"date":265,"score":159,"percentile":261},"2025-11-30",{"date":267,"score":159,"percentile":210},"2025-12-01",{"date":269,"score":159,"percentile":200},"2025-12-02",{"date":271,"score":159,"percentile":200},"2025-12-03",{"date":273,"score":159,"percentile":274},"2025-12-04",0.00299,{"date":276,"score":159,"percentile":277},"2025-12-05",0.003,{"date":279,"score":159,"percentile":274},"2025-12-06",{"date":281,"score":159,"percentile":274},"2025-12-07",{"date":283,"score":159,"percentile":284},"2025-12-08",0.00304,{"date":286,"score":159,"percentile":287},"2025-12-09",0.00314,{"date":289,"score":159,"percentile":287},"2025-12-10",{"date":291,"score":159,"percentile":292},"2025-12-11",0.00317,{"date":294,"score":159,"percentile":295},"2025-12-12",0.00321,{"date":297,"score":159,"percentile":298},"2025-12-13",0.0032,{"date":300,"score":159,"percentile":301},"2025-12-14",0.00316,{"date":303,"score":159,"percentile":287},"2025-12-15",{"date":305,"score":159,"percentile":287},"2025-12-16",{"date":307,"score":159,"percentile":308},"2025-12-17",0.00313,{"date":310,"score":159,"percentile":308},"2025-12-18",{"date":312,"score":159,"percentile":308},"2025-12-19",{"date":314,"score":159,"percentile":308},"2025-12-20",{"date":316,"score":159,"percentile":317},"2025-12-21",0.00312,{"date":319,"score":159,"percentile":317},"2025-12-22",{"date":321,"score":159,"percentile":322},"2025-12-23",0.00311,{"date":324,"score":159,"percentile":325},"2025-12-24",0.0031,{"date":327,"score":159,"percentile":325},"2025-12-25",{"date":329,"score":159,"percentile":325},"2025-12-26",{"date":331,"score":159,"percentile":287},"2025-12-27",{"date":333,"score":159,"percentile":334},"2025-12-28",0.00309,{"date":336,"score":159,"percentile":334},"2025-12-29",{"date":338,"score":159,"percentile":339},"2025-12-30",0.00307,{"date":341,"score":159,"percentile":342},"2025-12-31",0.00308,{"date":344,"score":159,"percentile":334},"2026-01-01",{"date":346,"score":159,"percentile":322},"2026-01-02",{"date":348,"score":159,"percentile":339},"2026-01-03",{"date":350,"score":159,"percentile":334},"2026-01-04",{"date":352,"score":159,"percentile":334},"2026-01-05",{"date":354,"score":159,"percentile":342},"2026-01-06",{"date":356,"score":159,"percentile":339},"2026-01-07",{"date":358,"score":159,"percentile":342},"2026-01-08",{"date":360,"score":159,"percentile":342},"2026-01-09",{"date":362,"score":159,"percentile":342},"2026-01-10",{"date":364,"score":159,"percentile":342},"2026-01-11",{"date":366,"score":159,"percentile":367},"2026-01-12",0.00305,{"date":369,"score":159,"percentile":370},"2026-01-13",0.00303,{"date":372,"score":159,"percentile":373},"2026-01-14",0.00306,{"date":375,"score":159,"percentile":373},"2026-01-15",{"date":377,"score":159,"percentile":342},"2026-01-16",{"date":379,"score":159,"percentile":339},"2026-01-17",{"date":381,"score":159,"percentile":334},"2026-01-18",{"date":383,"score":159,"percentile":334},"2026-01-19",{"date":385,"score":159,"percentile":339},"2026-01-20",{"date":387,"score":159,"percentile":342},"2026-01-21",{"date":389,"score":159,"percentile":342},"2026-01-22",{"date":391,"score":159,"percentile":322},"2026-01-23",{"date":393,"score":159,"percentile":308},"2026-01-24",{"date":395,"score":159,"percentile":308},"2026-01-25",{"date":397,"score":159,"percentile":287},"2026-01-26",{"date":399,"score":159,"percentile":400},"2026-01-27",0.00318,{"date":402,"score":159,"percentile":298},"2026-01-28",{"date":404,"score":159,"percentile":405},"2026-01-29",0.00322,{"date":407,"score":159,"percentile":408},"2026-01-30",0.00329,{"date":410,"score":159,"percentile":408},"2026-01-31",{"date":412,"score":159,"percentile":413},"2026-02-01",0.00327,[415],{"source":163,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":416,"cvss_v4_0":9},{"baseScore":161,"baseSeverity":417,"vectorString":164,"impactScore":418,"exploitabilityScore":419},"MEDIUM",6,2.6,[421,430,459],{"ecosystem":9,"name":422,"vendor":423,"product":424,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"debian linux","debian","debian_linux","o",[427],{"version":428,"is_range":36,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":431,"vendor":432,"product":432,"cpe_part":433,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":434},"Linux","linux","a",[435,442,445,448,451,454,457],{"version":436,"is_range":437,"range_type":168,"version_start":438,"version_start_type":439,"version_end":440,"version_end_type":441,"fixed_in":9},">= f46edbd1b1516da1fb34c917775168d5df576f78, \u003C 90ad17575d26874287271127d43ef3c2af876cea",true,"f46edbd1b1516da1fb34c917775168d5df576f78","including","90ad17575d26874287271127d43ef3c2af876cea","excluding",{"version":443,"is_range":437,"range_type":168,"version_start":438,"version_start_type":439,"version_end":444,"version_end_type":441,"fixed_in":9},">= f46edbd1b1516da1fb34c917775168d5df576f78, \u003C b448de2459b6d62a53892487ab18b7d823ff0529","b448de2459b6d62a53892487ab18b7d823ff0529",{"version":446,"is_range":437,"range_type":168,"version_start":438,"version_start_type":439,"version_end":447,"version_end_type":441,"fixed_in":9},">= f46edbd1b1516da1fb34c917775168d5df576f78, \u003C 68ed9e33324021e9d6b798e9db00ca3093d2012a","68ed9e33324021e9d6b798e9db00ca3093d2012a",{"version":449,"is_range":437,"range_type":168,"version_start":438,"version_start_type":439,"version_end":450,"version_end_type":441,"fixed_in":9},">= f46edbd1b1516da1fb34c917775168d5df576f78, \u003C 70064241f2229f7ba7b9599a98f68d9142e81a97","70064241f2229f7ba7b9599a98f68d9142e81a97",{"version":452,"is_range":437,"range_type":168,"version_start":438,"version_start_type":439,"version_end":453,"version_end_type":441,"fixed_in":9},">= f46edbd1b1516da1fb34c917775168d5df576f78, \u003C 3a01daace71b521563c38bbbf874e14c3e58adb7","3a01daace71b521563c38bbbf874e14c3e58adb7",{"version":455,"is_range":437,"range_type":168,"version_start":438,"version_start_type":439,"version_end":456,"version_end_type":441,"fixed_in":9},">= f46edbd1b1516da1fb34c917775168d5df576f78, \u003C 5ec8e8ea8b7783fab150cf86404fc38cb4db8800","5ec8e8ea8b7783fab150cf86404fc38cb4db8800",{"version":458,"is_range":36,"range_type":168,"version_start":458,"version_start_type":439,"version_end":458,"version_end_type":439,"fixed_in":9},"5.3",{"ecosystem":9,"name":460,"vendor":432,"product":461,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"linux kernel","linux_kernel",[463,466,470,474,478],{"version":464,"is_range":437,"range_type":429,"version_start":458,"version_start_type":439,"version_end":465,"version_end_type":441,"fixed_in":9},"gte5.3_lt5.10.210","5.10.210",{"version":467,"is_range":437,"range_type":429,"version_start":468,"version_start_type":439,"version_end":469,"version_end_type":441,"fixed_in":9},"gte5.11_lt5.15.149","5.11","5.15.149",{"version":471,"is_range":437,"range_type":429,"version_start":472,"version_start_type":439,"version_end":473,"version_end_type":441,"fixed_in":9},"gte5.16_lt6.1.76","5.16","6.1.76",{"version":475,"is_range":437,"range_type":429,"version_start":476,"version_start_type":439,"version_end":477,"version_end_type":441,"fixed_in":9},"gte6.2_lt6.6.15","6.2","6.6.15",{"version":479,"is_range":437,"range_type":429,"version_start":480,"version_start_type":439,"version_end":481,"version_end_type":441,"fixed_in":9},"gte6.7_lt6.7.3","6.7","6.7.3"]