CVE-2023-52931

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Avoid potential vm use-after-free

Adding the vm to the vm_xa table makes it visible to userspace, which
could try to race with us to close the vm.  So we need to take our extra
reference before putting it in the table.

(cherry picked from commit 99343c46d4e2b34c285d3d5f68ff04274c2f9fb4)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
LinuxCNA
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.11
linuxlinux_kernel
6.2:rc1
linuxlinux_kernel
6.2:rc2
linuxlinux_kernel
6.2:rc3
linuxlinux_kernel
6.2:rc4
linuxlinux_kernel
6.2:rc5
linuxlinux_kernel
6.2:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.19-1
fixed
sid
6.12.20-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/41d419382ec7e257e54b7b6ff0d3623aafb1316d
https://git.kernel.org/stable/c/764accc2c1b8fd1507be2e7f436c94cdce887a00