CVE-2023-52646

aio: fix mremap after fork null-deref

Description

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [jmoyer@redhat.com: fix 80 column issue]

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95 patch
https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22 patch
https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2 patch
https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f patch
https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1 patch
https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d patch
https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1 patch

Frequently Asked Questions

What is the severity of CVE-2023-52646?
CVE-2023-52646 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52646?
To fix CVE-2023-52646, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52646 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52646 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52646?
CVE-2023-52646 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.