{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52930", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T06:07:11.019Z", "datePublished": "2025-03-27T16:37:12.302Z", "dateUpdated": "2025-10-01T19:26:36.577Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:46:14.069Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential bit_17 double-free\n\nA userspace with multiple threads racing I915_GEM_SET_TILING to set the\ntiling to I915_TILING_NONE could trigger a double free of the bit_17\nbitmask. (Or conversely leak memory on the transition to tiled.) Move\nallocation/free'ing of the bitmask within the section protected by the\nobj lock.\n\n[tursulin: Correct fixes tag and added cc stable.]\n(cherry picked from commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/i915/gem/i915_gem_tiling.c"], "versions": [{"version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "b591abac78e25269b12e3d7170c99463f8c5cb02", "status": "affected", "versionType": "git"}, {"version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "e3ebc3e23bd9028a8a9a26cbc5985f99be445f65", "status": "affected", "versionType": "git"}, {"version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "0769f997a7b6d5cb8336db0b4ec3d2d311b8097c", "status": "affected", "versionType": "git"}, {"version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "7057a8f126f14f14b040faecfa220fd27c6c2f85", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/i915/gem/i915_gem_tiling.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.168", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.93", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.11", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.15.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.1.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b591abac78e25269b12e3d7170c99463f8c5cb02"}, {"url": "https://git.kernel.org/stable/c/e3ebc3e23bd9028a8a9a26cbc5985f99be445f65"}, {"url": "https://git.kernel.org/stable/c/0769f997a7b6d5cb8336db0b4ec3d2d311b8097c"}, {"url": "https://git.kernel.org/stable/c/7057a8f126f14f14b040faecfa220fd27c6c2f85"}], "title": "drm/i915: Fix potential bit_17 double-free", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52930", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-01T19:25:16.883410Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415 Double Free"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T19:26:36.577Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52930", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-01T19:25:16.883410Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415 Double Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T14:35:39.103Z"}}], "cna": {"title": "drm/i915: Fix potential bit_17 double-free", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "b591abac78e25269b12e3d7170c99463f8c5cb02", "versionType": "git"}, {"status": "affected", "version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "e3ebc3e23bd9028a8a9a26cbc5985f99be445f65", "versionType": "git"}, {"status": "affected", "version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "0769f997a7b6d5cb8336db0b4ec3d2d311b8097c", "versionType": "git"}, {"status": "affected", "version": "2850748ef8763ab46958e43a4d1c445f29eeb37d", "lessThan": "7057a8f126f14f14b040faecfa220fd27c6c2f85", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/i915/gem/i915_gem_tiling.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.168", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.93", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.11", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/i915/gem/i915_gem_tiling.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b591abac78e25269b12e3d7170c99463f8c5cb02"}, {"url": "https://git.kernel.org/stable/c/e3ebc3e23bd9028a8a9a26cbc5985f99be445f65"}, {"url": "https://git.kernel.org/stable/c/0769f997a7b6d5cb8336db0b4ec3d2d311b8097c"}, {"url": "https://git.kernel.org/stable/c/7057a8f126f14f14b040faecfa220fd27c6c2f85"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential bit_17 double-free\n\nA userspace with multiple threads racing I915_GEM_SET_TILING to set the\ntiling to I915_TILING_NONE could trigger a double free of the bit_17\nbitmask. (Or conversely leak memory on the transition to tiled.) Move\nallocation/free'ing of the bitmask within the section protected by the\nobj lock.\n\n[tursulin: Correct fixes tag and added cc stable.]\n(cherry picked from commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.168", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.93", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.11", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.2", "versionStartIncluding": "5.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:46:14.069Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52930", "state": "PUBLISHED", "dateUpdated": "2025-10-01T19:26:36.577Z", "dateReserved": "2024-08-21T06:07:11.019Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-03-27T16:37:12.302Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "12258A3F-04BD-49C9-9C6B-D3C1945E8910", "versionEndExcluding": "5.10.168", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "98FAC10E-42A0-4372-B1A0-A49CF672890E", "versionEndExcluding": "5.15.93", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "535D03F4-DA02-49FE-934E-668827E6407B", "versionEndExcluding": "6.1.11", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*", "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential bit_17 double-free\n\nA userspace with multiple threads racing I915_GEM_SET_TILING to set the\ntiling to I915_TILING_NONE could trigger a double free of the bit_17\nbitmask. (Or conversely leak memory on the transition to tiled.) Move\nallocation/free'ing of the bitmask within the section protected by the\nobj lock.\n\n[tursulin: Correct fixes tag and added cc stable.]\n(cherry picked from commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915: Se corrige la posible doble liberaci\u00f3n de bit_17. Un espacio de usuario con varios subprocesos que compiten con I915_GEM_SET_TILING para establecer el mosaico en I915_TILING_NONE podr\u00eda provocar una doble liberaci\u00f3n de la m\u00e1scara de bits bit_17. (O, por el contrario, una fuga de memoria al cambiar a mosaico). Se ha trasladado la asignaci\u00f3n/liberaci\u00f3n de la m\u00e1scara de bits dentro de la secci\u00f3n protegida por el bloqueo obj. [tursulin: Se corrige la etiqueta de correcciones y se ha a\u00f1adido la versi\u00f3n estable de cc.] (Seleccionado del commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)"}], "id": "CVE-2023-52930", "lastModified": "2025-10-01T20:17:11.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-27T17:15:42.477", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0769f997a7b6d5cb8336db0b4ec3d2d311b8097c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7057a8f126f14f14b040faecfa220fd27c6c2f85"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b591abac78e25269b12e3d7170c99463f8c5cb02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e3ebc3e23bd9028a8a9a26cbc5985f99be445f65"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-415"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: drm/i915: Fix potential bit_17 double-free", "id": "2355474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355474"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-415", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/i915: Fix potential bit_17 double-free\nA userspace with multiple threads racing I915_GEM_SET_TILING to set the\ntiling to I915_TILING_NONE could trigger a double free of the bit_17\nbitmask. (Or conversely leak memory on the transition to tiled.) Move\nallocation/free'ing of the bitmask within the section protected by the\nobj lock.\n[tursulin: Correct fixes tag and added cc stable.]\n(cherry picked from commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)", "A flaw was found in the Linux kernel's Intel graphics driver (i915), specifically within the Direct Rendering Manager (DRM) subsystem. This issue arises when multiple threads simultaneously attempt to set the tiling mode of a graphics buffer to I915_TILING_NONE using the I915_GEM_SET_TILING ioctl. These concurrent operations can lead to a race condition, resulting in a double-free of the bit_17 bitmask or a memory leak during the transition to a tiled mode. The root cause is the lack of proper synchronization when allocating and freeing the bitmask, leading to potential memory corruption and system instability."], "name": "CVE-2023-52930", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52930\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52930\nhttps://lore.kernel.org/linux-cve-announce/2025032719-CVE-2023-52930-4bbc@gregkh/T"], "statement": "The vulnerability occurs in the i915 driver when using the DRM_IOCTL_I915_GEM_SET_TILING ioctl, which is only accessible to processes with sufficient privileges to open /dev/dri/* (the DRM device). Access to this device node is not granted to unprivileged users by default on most systems.\nExploiting this vulnerability typically requires elevated privileges unless one of the following occurs:\n* The system is configured to allow unprivileged users to access the DRM device node (for example, through udev rules or group membership like video),\n* Or the process is already running with elevated privileges (for example, root).", "threat_severity": "Moderate"}