CVE-2023-52801

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2023-52801 RHSA-2024:6567 SUSE-SU-2024:2571-1 SUSE-SU-2024:2896-1 SUSE-SU-2024:2973-1 SUSE-SU-2025:20008-1

Analyzed

Published: 21 May 2024, 15:31

Last modified:11 May 2026, 19:33

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.1 CRITICAL

v3.1 (cve.org)

EPSS Score

0.06% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 May 2024, 15:31

Published

Vulnerability first disclosed

11 May 2026, 19:33

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.

CVSS Metrics

v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Trends

Current EPSS score: 0.06%• Percentile: 19%

Techniques & Countermeasures

CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Affected Systems

linux•linux
≥ 51fe6141f0f64ae0bbc096a41a07572273e8c0ef, < 836db2e7e4565d8218923b3552304a1637e2f28d | ≥ 51fe6141f0f64ae0bbc096a41a07572273e8c0ef, < fcb32111f01ddf3cbd04644cde1773428e31de6a | ≥ 51fe6141f0f64ae0bbc096a41a07572273e8c0ef, < e7250ab7ca4998fe026f2149805b03e09dc32498 | 6.2
linux•linux_kernel
≥ 6.2, < 6.5.13 | ≥ 6.6, < 6.6.3