CVE-2023-52926
Published: 24 February 2025
Summary
CVE-2023-52926 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 2.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Deeper analysis
CVE-2023-52926 is a use-after-free vulnerability (CWE-416) in the Linux kernel's io_uring subsystem, specifically affecting the IORING_OP_READ operation. The issue arises because IORING_OP_READ does not correctly consume the provided buffer list when a read I/O returns a negative error code (except for -EAGAIN and -EIOCBQUEUED). This mishandling can lead to a use-after-free condition when the I/O completion is processed via io_rw_done in a separate context. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution, data corruption, or denial of service within the kernel context.
Mitigation involves applying the relevant upstream patches, as documented in kernel stable commit references such as 6c27fc6a783c8a77c756dd5461b15e465020d075, 72060434a14caea20925e492310d6e680e3f9007, and a08d195b586a217d76b42062f88f375a3eedda4d. Debian LTS users are advised to update affected systems per the announcement at lists.debian.org/debian-lts-announce/2025/03/msg00001.html, which details backported fixes for stable branches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4375
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free when the completion via io_rw_done runs at separate context.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Local kernel use-after-free in io_uring directly enables exploitation for privilege escalation to kernel context.
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the use-after-free vulnerability in io_uring's IORING_OP_READ by requiring timely identification, reporting, and patching of the kernel flaw as per upstream commits.
Provides memory protection safeguards like address space layout randomization and non-executable memory that hinder exploitation of the use-after-free in kernel buffer handling.
Mandates secure error handling for negative return codes in I/O operations to prevent improper buffer list consumption leading to use-after-free during io_rw_done completion.