What is CVE-2023-52801?

CVE-2023-52801 is a Critical severity Linux kernel vulnerability with a CVSS score of 9.1 out of 10, classified as a Improper Access Control flaw (CWE-284). CVE-2023-52801 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-52801?

CVE-2023-52801 has a CVSS score of 9.1 out of 10, rated Critical severity. The vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Is there a patch available for CVE-2023-52801?

No patch is currently available for CVE-2023-52801. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2023-52801 actively exploited?

CVE-2023-52801 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Improper Access Control (CWE-284)?

The product does not restrict or incorrectly restricts access to a resource from an unauthorised actor. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/284.html

CVE-2023-52801

Critical

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.

Package Linux Kernel

Published 2024-05-21

Last modified 2025-04-02

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

9.1

out of 10

Critical

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Weakness type

CWE-284

CVE-2023-52801 is a Improper Access Control vulnerability

What is Improper Access Control?

The product does not restrict or incorrectly restricts access to a resource from an unauthorised actor. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2023-52801 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498
Patch
Kernel patch commit
https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a
Patch

Details

CVE ID CVE-2023-52801

Severity Critical

CVSS score 9.1 / 10

CVSS version 3.1

Published 2024-05-21

Modified 2025-04-02

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2023-52801?

CVE-2023-52801 is a Critical severity Linux kernel vulnerability with a CVSS score of 9.1 out of 10 , classified as an Improper Access Control flaw (CWE-284) . CVE-2023-52801 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2023-52801?

CVE-2023-52801 has a CVSS score of 9.1 out of 10, rated Critical severity (CVSS 3.1). The vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.
Is there a patch available for CVE-2023-52801?

No patch is currently available for CVE-2023-52801. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2023-52801 actively exploited?

No — CVE-2023-52801 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Improper Access Control (CWE-284)?

The product does not restrict or incorrectly restricts access to a resource from an unauthorised actor. View CWE-284 on MITRE CWE →