CVE-2023-52677 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since the address does not lie in the vmalloc region.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f
https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f
https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7
https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc
https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13
https://lore.kernel.org/linux-cve-announce/2024051749-CVE-2023-52677-5d0c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52677
https://www.cve.org/CVERecord?id=CVE-2023-52677

History

Thu, 25 Sep 2025 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Mon, 04 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:24:42.051Z

Updated: 2025-05-04T07:41:21.945Z

Reserved: 2024-03-07T14:49:46.886Z

Link: CVE-2023-52677

Vulnrichment

Updated: 2024-08-02T23:11:34.462Z

NVD

Status : Analyzed

Published: 2024-05-17T15:15:18.823

Modified: 2025-09-25T16:18:59.853

Link: CVE-2023-52677

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2023-52677 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52677", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-07T14:49:46.886Z", "datePublished": "2024-05-17T14:24:42.051Z", "dateUpdated": "2025-05-04T07:41:21.945Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:41:21.945Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Check if the code to patch lies in the exit section\n\nOtherwise we fall through to vmalloc_to_page() which panics since the\naddress does not lie in the vmalloc region."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/include/asm/sections.h", "arch/riscv/kernel/patch.c", "arch/riscv/kernel/vmlinux-xip.lds.S", "arch/riscv/kernel/vmlinux.lds.S"], "versions": [{"version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "938f70d14618ec72e10d6fcf8a546134136d7c13", "status": "affected", "versionType": "git"}, {"version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "890cfe5337e0aaf03ece1429db04d23c88da72e7", "status": "affected", "versionType": "git"}, {"version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "8db56df4a954b774bdc68917046a685a9fa2e4bc", "status": "affected", "versionType": "git"}, {"version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "1d7a03052846f34d624d0ab41a879adf5e85c85f", "status": "affected", "versionType": "git"}, {"version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "420370f3ae3d3b883813fd3051a38805160b2b9f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/include/asm/sections.h", "arch/riscv/kernel/patch.c", "arch/riscv/kernel/vmlinux-xip.lds.S", "arch/riscv/kernel/vmlinux.lds.S"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.15.148"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.1.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.6.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.7.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13"}, {"url": "https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7"}, {"url": "https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc"}, {"url": "https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f"}, {"url": "https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f"}], "title": "riscv: Check if the code to patch lies in the exit section", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52677", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T19:44:25.344129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:22.322Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:34.462Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:34.462Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52677", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T19:44:25.344129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T19:44:30.027Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "riscv: Check if the code to patch lies in the exit section", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "938f70d14618ec72e10d6fcf8a546134136d7c13", "versionType": "git"}, {"status": "affected", "version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "890cfe5337e0aaf03ece1429db04d23c88da72e7", "versionType": "git"}, {"status": "affected", "version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "8db56df4a954b774bdc68917046a685a9fa2e4bc", "versionType": "git"}, {"status": "affected", "version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "1d7a03052846f34d624d0ab41a879adf5e85c85f", "versionType": "git"}, {"status": "affected", "version": "043cb41a85de1c0e944da61ad7a264960e22c865", "lessThan": "420370f3ae3d3b883813fd3051a38805160b2b9f", "versionType": "git"}], "programFiles": ["arch/riscv/include/asm/sections.h", "arch/riscv/kernel/patch.c", "arch/riscv/kernel/vmlinux-xip.lds.S", "arch/riscv/kernel/vmlinux.lds.S"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.7"}, {"status": "unaffected", "version": "0", "lessThan": "5.7", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.148", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.75", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.14", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/riscv/include/asm/sections.h", "arch/riscv/kernel/patch.c", "arch/riscv/kernel/vmlinux-xip.lds.S", "arch/riscv/kernel/vmlinux.lds.S"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13"}, {"url": "https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7"}, {"url": "https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc"}, {"url": "https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f"}, {"url": "https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Check if the code to patch lies in the exit section\n\nOtherwise we fall through to vmalloc_to_page() which panics since the\naddress does not lie in the vmalloc region."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:23:56.577Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52677", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:23:56.577Z", "dateReserved": "2024-03-07T14:49:46.886Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:24:42.051Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7926486C-925B-489E-9474-87044AA8542E", "versionEndExcluding": "5.15.148", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "070D0ED3-90D0-4F95-B1FF-57D7F46F332D", "versionEndExcluding": "6.1.75", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C6B50A6-3D8B-4CE2-BDCC-A098609CBA14", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Check if the code to patch lies in the exit section\n\nOtherwise we fall through to vmalloc_to_page() which panics since the\naddress does not lie in the vmalloc region."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: compruebe si el c\u00f3digo a parchear se encuentra en la secci\u00f3n de salida. De lo contrario, caeremos en vmalloc_to_page(), lo que entra en p\u00e1nico ya que la direcci\u00f3n no se encuentra en la regi\u00f3n vmalloc."}], "id": "CVE-2023-52677", "lastModified": "2025-09-25T16:18:59.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T15:15:18.823", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: riscv: Check if the code to patch lies in the exit section", "id": "2281330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281330"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nriscv: Check if the code to patch lies in the exit section\nOtherwise we fall through to vmalloc_to_page() which panics since the\naddress does not lie in the vmalloc region.", "A vulnerability was found in the RISC-V architecture within the Linux kernel. This issue may allow code to be incorrectly patched in the exit section of the kernel code, leading to unauthorized code execution or system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52677", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52677\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52677\nhttps://lore.kernel.org/linux-cve-announce/2024051749-CVE-2023-52677-5d0c@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}