CVE-2023-52926

Published: Feb 24, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free when the completion via io_rw_done runs at separate context.

Vendor	Product	Versions
Linux	Linux	affected `2b188cc1bb857a9d4701ae59aa7768b5124e262e - < 72060434a14caea20925e492310d6e680e3f9007` affected `2b188cc1bb857a9d4701ae59aa7768b5124e262e - < 6c27fc6a783c8a77c756dd5461b15e465020d075` affected `2b188cc1bb857a9d4701ae59aa7768b5124e262e - < a08d195b586a217d76b42062f88f375a3eedda4d`
Linux	Linux	affected `5.1` unaffected `0 - < 5.1` unaffected `6.1.122 - <= 6.1.` unaffected `6.6.68 - <= 6.6.` unaffected `6.7 - <= *`

References

https://git.kernel.org/stable/c/72060434a14caea20925e492310d6e680e3f9007

https://git.kernel.org/stable/c/6c27fc6a783c8a77c756dd5461b15e465020d075

https://git.kernel.org/stable/c/a08d195b586a217d76b42062f88f375a3eedda4d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52926

Description

Affected Products

References