{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53484","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-01T11:39:39.402Z","datePublished":"2025-10-01T11:42:52.590Z","dateUpdated":"2026-05-11T19:45:52.858Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:45:52.858Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlib: cpu_rmap: Avoid use after free on rmap->obj array entries\n\nWhen calling irq_set_affinity_notifier() with NULL at the notify\nargument, it will cause freeing of the glue pointer in the\ncorresponding array entry but will leave the pointer in the array. A\nsubsequent call to free_irq_cpu_rmap() will try to free this entry again\nleading to possible use after free.\n\nFix that by setting NULL to the array entry and checking that we have\nnon-zero at the array entry when iterating over the array in\nfree_irq_cpu_rmap().\n\nThe current code does not suffer from this since there are no cases\nwhere irq_set_affinity_notifier(irq, NULL) (note the NULL passed for the\nnotify arg) is called, followed by a call to free_irq_cpu_rmap() so we\ndon't hit and issue. Subsequent patches in this series excersize this\nflow, hence the required fix."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["lib/cpu_rmap.c"],"versions":[{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"981f339d2905b6a92ef59358158b326493aecac5","status":"affected","versionType":"git"},{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"d1308bd0b24cb1d78fa2747d5fa3e055cc628a48","status":"affected","versionType":"git"},{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"cc2d2b3dbfb0ba57bc027fb7e1121250c50e4000","status":"affected","versionType":"git"},{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"f748e15253833b771acbede14ea98f50831ac289","status":"affected","versionType":"git"},{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"c6ed54dd90698dc0744d669524cc1c122ded8a16","status":"affected","versionType":"git"},{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"c9115f49cf260d24d8b5f2d9a4b63cb31a627bb4","status":"affected","versionType":"git"},{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"67bca5f1d644f4e79b694abd8052a177de81c37f","status":"affected","versionType":"git"},{"version":"896f97ea95c1d29c0520ee0766b66b7f64cb967c","lessThan":"4e0473f1060aa49621d40a113afde24818101d37","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["lib/cpu_rmap.c"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"4.14.316","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.284","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.244","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.181","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.113","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.30","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.4","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.14.316"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.19.284"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.4.244"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.15.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.1.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.3.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/981f339d2905b6a92ef59358158b326493aecac5"},{"url":"https://git.kernel.org/stable/c/d1308bd0b24cb1d78fa2747d5fa3e055cc628a48"},{"url":"https://git.kernel.org/stable/c/cc2d2b3dbfb0ba57bc027fb7e1121250c50e4000"},{"url":"https://git.kernel.org/stable/c/f748e15253833b771acbede14ea98f50831ac289"},{"url":"https://git.kernel.org/stable/c/c6ed54dd90698dc0744d669524cc1c122ded8a16"},{"url":"https://git.kernel.org/stable/c/c9115f49cf260d24d8b5f2d9a4b63cb31a627bb4"},{"url":"https://git.kernel.org/stable/c/67bca5f1d644f4e79b694abd8052a177de81c37f"},{"url":"https://git.kernel.org/stable/c/4e0473f1060aa49621d40a113afde24818101d37"}],"title":"lib: cpu_rmap: Avoid use after free on rmap->obj array entries","x_generator":{"engine":"bippy-1.2.0"}}}}