Cyber Resilience

CVE-2023-52983

High

Published: 27 March 2025

Modified: 01 April 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (8.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-52983 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 8.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2023-52983 is a use-after-free vulnerability (CWE-416) in the Linux kernel's BFQ block IO scheduler. The issue arises in the bic_set_bfqq() function within the block/bfq component, where bic->bfqq is accessed after being freed in certain contexts. This stems from changes introduced by commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"), leading to potential use-after-free conditions during bfqq handling.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), in a local attack vector (AV:L) with unchanged scope (S:U). Exploitation could result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), as indicated by the CVSS 3.1 base score of 7.8.

Mitigation requires applying the relevant stable kernel patches, available via the following git.kernel.org commits: 511c922c5bf6c8a166bea826e702336bc2424140, 7f77f3dab5066a7c9da73d72d1eee895ff84a8d5, b600de2d7d3a16f9007fad1bdae82a3951a26af2, and cb1876fc33af26d00efdd473311f1b664c77c44e. These patches resolve the issue by ensuring bfqq is always freed after bic_set_bfqq().

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: fix uaf for bfqq in bic_set_bfqq()

After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"), bic->bfqq will be accessed in bic_set_bfqq(), however, in some context bic->bfqq will be freed, and bic_set_bfqq() is called with the freed bic->bfqq. Fix the problem by always freeing bfqq after bic_set_bfqq().

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A use-after-free in the Linux kernel BFQ scheduler enables a local low-privileged attacker to exploit it for privilege escalation, with high impact on confidentiality, integrity and availability.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23111 (same product: Linux Kernel)
CVE-2026-31530 (same product: Linux Kernel)
CVE-2026-43019 (same product: Linux Kernel)
CVE-2026-23158 (same product: Linux Kernel)
CVE-2025-21893 (same product: Linux Kernel)
CVE-2026-31446 (same product: Linux Kernel)
CVE-2026-31650 (same product: Linux Kernel)
CVE-2026-23001 (same product: Linux Kernel)
CVE-2024-50051 (same product: Linux Kernel)
CVE-2025-21759 (same product: Linux Kernel)

Affected Assets

linux
linux kernel
6.0.16 · 5.15.86 — 5.15.93 · 6.1.2 — 6.1.11

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly remediates the use-after-free vulnerability by requiring timely application of the specified Linux kernel patches to eliminate the flaw in the BFQ scheduler.

Prevent: Provides memory protections such as KASLR and SMEP that hinder exploitation of the use-after-free in the kernel's bic_set_bfqq() function even if unpatched.

Detect: Vulnerability scanning detects systems with vulnerable Linux kernel versions affected by CVE-2023-52983 in the BFQ block IO scheduler.
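The version-based detection described above can be sketched as a small host triage script. This is an added example, not code from this page or from the kernel project: it checks the running release against the ranges listed under "Affected Assets" and reports whether any block device currently uses the bfq scheduler. The function names are hypothetical, and it assumes `uname -r` reflects the upstream stable version.

```shell
# Triage helper for CVE-2023-52983 (added example; function names are illustrative).
# Ranges are those listed under "Affected Assets". Assumption: `uname -r` reflects
# the upstream stable version; distro kernels backport fixes, so confirm with the vendor.
# "5.15.90-generic" -> 5015090 (major*1000000 + minor*1000 + patch)
ver_num() {
    v=${1%%[!0-9.]*}    # drop a suffix such as "-generic"
    IFS=. read -r a b c rest <<EOF
$v
EOF
    echo $(( ${a:-0} * 1000000 + ${b:-0} * 1000 + ${c:-0} ))
}

# Succeeds when the release falls inside a listed range (bounds inclusive).
in_affected_range() {
    n=$(ver_num "$1")
    while read -r lo hi; do
        if [ "$n" -ge "$(ver_num "$lo")" ] && [ "$n" -le "$(ver_num "$hi")" ]; then
            return 0
        fi
    done <<EOF
6.0.16 6.0.16
5.15.86 5.15.93
6.1.2 6.1.11
EOF
    return 1
}

# sysfs brackets the active scheduler: "mq-deadline kyber [bfq] none" -> bfq
active_sched() {
    case $1 in
        *\[*\]*) s=${1#*\[}; echo "${s%%\]*}" ;;
        *)       echo "$1" ;;
    esac
}

# assess <kernel-release> [scheduler-line ...] -> one status word
assess() {
    rel=$1; shift
    in_affected_range "$rel" || { echo not-in-listed-range; return 0; }
    for line in "$@"; do
        if [ "$(active_sched "$line")" = bfq ]; then echo affected-bfq-active; return 0; fi
    done
    echo affected-bfq-inactive
}

# Live check: gather each block device's scheduler line and classify this host.
set --
for f in /sys/block/*/queue/scheduler; do [ -r "$f" ] && set -- "$@" "$(cat "$f")"; done
assess "$(uname -r)" "$@"
```

A result of `affected-bfq-inactive` is a prioritisation hint only, since the scheduler can be changed at runtime; the kernel still needs the patch.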

References