CVE-2023-52825 : In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd:

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix a race condition of vram buffer unref in svm code prange->svm_bo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync svm_bo unref operation to avoid random "use-after-free".

Published 2024-05-21 15:31:30

Updated 2025-04-02 15:00:07

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-52825

Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.5.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.64
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 5.15.140
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.6 and before (<) 6.6.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52825

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52825

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-05
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-52825

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-52825

https://git.kernel.org/stable/c/709c348261618da7ed89d6c303e2ceb9e453ba74

drm/amdkfd: Fix a race condition of vram buffer unref in svm code - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/7d43cdd22cd81a2b079e864c4321b9aba4c6af34

drm/amdkfd: Fix a race condition of vram buffer unref in svm code - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/c772eacbd6d0845fc922af8716bb9d29ae27b8cf

drm/amdkfd: Fix a race condition of vram buffer unref in svm code - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/fc0210720127cc6302e6d6f3de48f49c3fcf5659

drm/amdkfd: Fix a race condition of vram buffer unref in svm code - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e

drm/amdkfd: Fix a race condition of vram buffer unref in svm code - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2023-52825

Products affected by CVE-2023-52825

Exploit prediction scoring system (EPSS) score for CVE-2023-52825

CVSS scores for CVE-2023-52825

CWE ids for CVE-2023-52825

References for CVE-2023-52825