CVE-2023-52795

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52795
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52795.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52795
Published
2024-05-21T15:31:09.623Z
Modified
2025-11-26T19:34:24.512495Z
Summary
vhost-vdpa: fix use after free in vhost_vdpa_probe()
Details

In the Linux kernel, the following vulnerability has been resolved:

vhost-vdpa: fix use after free in vhost_vdpa_probe()

The put_device() calls vhost_vdpa_release_dev() which calls ida_simple_remove() and frees "v". So this call to ida_simple_remove() is a use after free and a double free.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/9c3874e559580d6c6ec8d449812ac11277724770/cves/2023/52xxx/CVE-2023-52795.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ebe6a354fa7e0a7d5b581da31ad031b19d8693f9
Fixed
c0f8b8fb7df9d1a38652eb5aa817afccd3c56111
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ebe6a354fa7e0a7d5b581da31ad031b19d8693f9
Fixed
ae8ea4e200675a940c365b496ef8e3fb4123601c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ebe6a354fa7e0a7d5b581da31ad031b19d8693f9
Fixed
bf04132cd64ccde4e9e9765d489c83fe83c09b7f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ebe6a354fa7e0a7d5b581da31ad031b19d8693f9
Fixed
e07754e0a1ea2d63fb29574253d1fd7405607343

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.64
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.5.13
Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.3