CVE-2023-52930
Published: 27 March 2025
Summary
CVE-2023-52930 is a high-severity Double Free (CWE-415) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 7.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2023-52930 is a double-free vulnerability in the Linux kernel's drm/i915 driver, specifically affecting the handling of the bit_17 bitmask during tiling operations. The issue arises when userspace applications with multiple threads race to execute the I915_GEM_SET_TILING ioctl to set tiling to I915_TILING_NONE, potentially leading to a double free of the bitmask or, conversely, a memory leak during transitions to tiled modes. This flaw, classified under CWE-415, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability by crafting a multithreaded userspace program that races the I915_GEM_SET_TILING ioctl calls. Successful exploitation could result in high-impact consequences, including arbitrary code execution, denial of service via kernel crashes, or memory corruption, due to the double-free enabling potential use-after-free attacks or memory leaks that disclose sensitive data.
The provided references point to stable kernel patch commits that resolve the issue by moving the allocation and freeing of the bit_17 bitmask inside the section protected by the object lock, preventing the race condition. These patches, cherry-picked from upstream commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e, have been backported to various stable kernel branches, with tags for stable release inclusion. Security practitioners should ensure systems with the Intel i915 driver are updated to kernels incorporating these fixes.
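The fix described above can be seen in a small user-space model, added here as an illustration; it is not the kernel patch or driver code, and the struct, the function names and the pthread mutex standing in for the object lock are all hypothetical. It replays the unlocked ordering deterministically (counting free decisions rather than freeing twice) and then races the locked form across threads.

```c
#include <pthread.h>
#include <stdlib.h>

/* User-space model only; struct and function names are hypothetical. */
struct obj {
    pthread_mutex_t lock;   /* stands in for the object lock */
    unsigned long *bit_17;  /* stands in for the bitmask */
    int frees;              /* times a caller decided to free it */
};

/* Unlocked shape, split in two so the bad ordering can be replayed. */
static unsigned long *sample(struct obj *o) { return o->bit_17; }
static void act(struct obj *o, unsigned long *seen)
{
    if (seen) { o->frees++; o->bit_17 = NULL; } /* the free would go here */
}

int replay_unlocked(void)
{
    unsigned long *mask = calloc(4, sizeof *mask);
    struct obj o = { .bit_17 = mask };
    unsigned long *a = sample(&o), *b = sample(&o); /* both non-NULL */
    act(&o, a);
    act(&o, b);     /* stale pointer: a second free decision */
    free(mask);     /* the model itself frees once, staying well-defined */
    return o.frees; /* 2 */
}

/* Locked shape: test, free and clear inside one critical section. */
static void *set_none_locked(void *arg)
{
    struct obj *o = arg;
    pthread_mutex_lock(&o->lock);
    if (o->bit_17) { o->frees++; free(o->bit_17); o->bit_17 = NULL; }
    pthread_mutex_unlock(&o->lock);
    return NULL;
}

int race_locked(int nthreads)
{
    struct obj o = { .bit_17 = calloc(4, sizeof(unsigned long)) };
    pthread_t t[64];
    if (nthreads > 64) nthreads = 64;
    pthread_mutex_init(&o.lock, NULL);
    for (int i = 0; i < nthreads; i++) pthread_create(&t[i], NULL, set_none_locked, &o);
    for (int i = 0; i < nthreads; i++) pthread_join(t[i], NULL);
    pthread_mutex_destroy(&o.lock);
    return o.frees; /* 1 */
}

int main(void) { return !(replay_unlocked() == 2 && race_locked(8) == 1); }
```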
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-59760
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix potential bit_17 double-free

A userspace with multiple threads racing I915_GEM_SET_TILING to set the tiling to I915_TILING_NONE could trigger a double free of the bit_17 bitmask. (Or conversely leak memory on the transition to tiled.) Move allocation/free'ing of the bitmask within the section protected by the obj lock.

[tursulin: Correct fixes tag and added cc stable.]
(cherry picked from commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This is a local kernel double-free vulnerability in the i915 driver, exploitable by a low-privileged attacker through a userspace ioctl race condition, directly enabling arbitrary code execution and privilege escalation.
Mitigating Controls (NIST 800-53 r5)
Directly remediates the double-free race condition in the i915 driver's bit_17 bitmask handling by applying the stable kernel patches.
Implements memory integrity protections that mitigate exploitation of the double-free vulnerability, reducing risks of code execution or corruption even if unpatched.
Facilitates identification of CVE-2023-52930 through automated vulnerability scanning of kernel components for timely remediation.