{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52731", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.232Z", "datePublished": "2024-05-21T15:22:57.282Z", "dateUpdated": "2025-05-04T07:42:07.315Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:42:07.315Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix invalid page access after closing deferred I/O devices\n\nWhen a fbdev with deferred I/O is once opened and closed, the dirty\npages still remain queued in the pageref list, and eventually later\nthose may be processed in the delayed work. This may lead to a\ncorruption of pages, hitting an Oops.\n\nThis patch makes sure to cancel the delayed work and clean up the\npageref list at closing the device for addressing the bug. A part of\nthe cleanup code is factored out as a new helper function that is\ncalled from the common fb_release()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/video/fbdev/core/fb_defio.c", "drivers/video/fbdev/core/fbmem.c", "include/linux/fb.h"], "versions": [{"version": "186b89659c4c67cccead52961eab0ca3b23951dc", "lessThan": "87b9802ca824fcee7915e717e9a60471af62e8e9", "status": "affected", "versionType": "git"}, {"version": "56c134f7f1b58be08bdb0ca8372474a4a5165f31", "lessThan": "f1d91f0e9d5a240a809698d7d9c5a538e7dcc149", "status": "affected", "versionType": "git"}, {"version": "56c134f7f1b58be08bdb0ca8372474a4a5165f31", "lessThan": "3efc61d95259956db25347e2a9562c3e54546e20", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/video/fbdev/core/fb_defio.c", "drivers/video/fbdev/core/fbmem.c", "include/linux/fb.h"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.13", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9"}, {"url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149"}, {"url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20"}], "title": "fbdev: Fix invalid page access after closing deferred I/O devices", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.499Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52731", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:37:38.155499Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:36.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.499Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52731", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:37:38.155499Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:17.587Z"}}], "cna": {"title": "fbdev: Fix invalid page access after closing deferred I/O devices", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "186b89659c4c67cccead52961eab0ca3b23951dc", "lessThan": "87b9802ca824fcee7915e717e9a60471af62e8e9", "versionType": "git"}, {"status": "affected", "version": "56c134f7f1b58be08bdb0ca8372474a4a5165f31", "lessThan": "f1d91f0e9d5a240a809698d7d9c5a538e7dcc149", "versionType": "git"}, {"status": "affected", "version": "56c134f7f1b58be08bdb0ca8372474a4a5165f31", "lessThan": "3efc61d95259956db25347e2a9562c3e54546e20", "versionType": "git"}], "programFiles": ["drivers/video/fbdev/core/fb_defio.c", "drivers/video/fbdev/core/fbmem.c", "include/linux/fb.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.19"}, {"status": "unaffected", "version": "0", "lessThan": "5.19", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.13", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/video/fbdev/core/fb_defio.c", "drivers/video/fbdev/core/fbmem.c", "include/linux/fb.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9"}, {"url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149"}, {"url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix invalid page access after closing deferred I/O devices\n\nWhen a fbdev with deferred I/O is once opened and closed, the dirty\npages still remain queued in the pageref list, and eventually later\nthose may be processed in the delayed work. This may lead to a\ncorruption of pages, hitting an Oops.\n\nThis patch makes sure to cancel the delayed work and clean up the\npageref list at closing the device for addressing the bug. A part of\nthe cleanup code is factored out as a new helper function that is\ncalled from the common fb_release()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:24:36.466Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52731", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:24:36.466Z", "dateReserved": "2024-05-21T15:19:24.232Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:22:57.282Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D75E5BD8-C55B-43BA-8730-33C8DCB1DF91", "versionEndExcluding": "6.1.13", "versionStartIncluding": "5.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*", "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*", "matchCriteriaId": "C64BDD9D-C663-4E75-AE06-356EDC392B82", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*", "matchCriteriaId": "26544390-88E4-41CA-98BF-7BB1E9D4E243", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix invalid page access after closing deferred I/O devices\n\nWhen a fbdev with deferred I/O is once opened and closed, the dirty\npages still remain queued in the pageref list, and eventually later\nthose may be processed in the delayed work. This may lead to a\ncorruption of pages, hitting an Oops.\n\nThis patch makes sure to cancel the delayed work and clean up the\npageref list at closing the device for addressing the bug. A part of\nthe cleanup code is factored out as a new helper function that is\ncalled from the common fb_release()."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: corrige el acceso a p\u00e1ginas no v\u00e1lidas despu\u00e9s de cerrar dispositivos de E/S diferidas. Cuando un fbdev con E/S diferidas se abre y cierra una vez, las p\u00e1ginas sucias a\u00fan permanecen en cola en la lista pageref. y, eventualmente, m\u00e1s adelante, podr\u00e1n procesarse en el trabajo retrasado. Esto puede provocar la corrupci\u00f3n de las p\u00e1ginas y provocar un error. Este parche garantiza cancelar el trabajo retrasado y limpiar la lista de referencias de p\u00e1gina al cerrar el dispositivo para solucionar el error. Una parte del c\u00f3digo de limpieza se factoriza como una nueva funci\u00f3n auxiliar que se llama desde el fb_release() com\u00fan."}], "id": "CVE-2023-52731", "lastModified": "2025-09-23T19:00:21.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T16:15:13.237", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3efc61d95259956db25347e2a9562c3e54546e20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87b9802ca824fcee7915e717e9a60471af62e8e9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1d91f0e9d5a240a809698d7d9c5a538e7dcc149"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: fbdev: Fix invalid page access after closing deferred I/O devices", "id": "2282787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282787"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfbdev: Fix invalid page access after closing deferred I/O devices\nWhen a fbdev with deferred I/O is once opened and closed, the dirty\npages still remain queued in the pageref list, and eventually later\nthose may be processed in the delayed work. This may lead to a\ncorruption of pages, hitting an Oops.\nThis patch makes sure to cancel the delayed work and clean up the\npageref list at closing the device for addressing the bug. A part of\nthe cleanup code is factored out as a new helper function that is\ncalled from the common fb_release()."], "name": "CVE-2023-52731", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52731\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52731\nhttps://lore.kernel.org/linux-cve-announce/2024052159-CVE-2023-52731-29ab@gregkh/T"], "threat_severity": "Low"}

{}