CVE-2023-52664

7.8 HIGH

📋 TL;DR

This vulnerability is a double-free memory corruption flaw in the Linux kernel's Atlantic network driver. It allows attackers to potentially crash the system or execute arbitrary code by exploiting memory allocation failures under stress. Systems using affected Linux kernel versions with the atlantic network driver loaded are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with vulnerable atlantic driver code (specific versions not specified in CVE, but patches available in stable kernel trees)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if the atlantic network driver (for Aquantia/Marvell network cards) is loaded and active. Systems without these network cards may not be affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution allowing complete system compromise.

🟠 Likely Case

System crash or instability when network driver experiences memory pressure, leading to denial of service.

🟢 If Mitigated

Limited to denial of service if kernel hardening features like KASLR and SMAP/SMEP are enabled and effective.

🌐 Internet-Facing: MEDIUM - Requires local access or ability to trigger network driver memory allocation failures, but could be combined with other vulnerabilities.
🏢 Internal Only: MEDIUM - Local attackers could exploit this for privilege escalation or DoS attacks on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific memory allocation failure conditions in the network driver, which may require local access or ability to stress the system's memory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in Linux kernel stable releases via commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. For custom kernels, apply commits: 0edb3ae8bfa31cd544b0c195bdec00e036002b5d, b3cb7a830a24527877b0bc900b9bd74a96aea928, c11a870a73a3bc4cc7df6dd877a45b181795fcbf, d1fde4a7e1dcc4d49cce285107a7a43c3030878d.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable atlantic driver

linux

Prevent loading of vulnerable network driver if not needed

echo 'blacklist atlantic' >> /etc/modprobe.d/blacklist-atlantic.conf
rmmod atlantic

Memory pressure mitigation

linux

Configure system to reduce memory allocation failures

sysctl -w vm.overcommit_memory=2
sysctl -w vm.overcommit_ratio=80

🧯 If You Can't Patch

  • Restrict local access to prevent exploitation by untrusted users
  • Monitor system logs for kernel panics or memory allocation failures related to network driver

🔍 How to Verify

Check if Vulnerable:

Check if atlantic driver is loaded: lsmod | grep atlantic. Check kernel version against patched releases.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version includes the patched commits. Check that dmesg shows no double-free warnings related to the atlantic driver.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Double-free detection warnings in dmesg
  • Memory allocation failure logs from network subsystem

Network Indicators:

  • Sudden network interface disappearance
  • Unusual network driver reloads

SIEM Query:

source="kernel" AND ("double free" OR "atlantic" OR "kernel panic")
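
The log indicators above, written as a small triage filter (an added example, not part of the original advisory or of the kernel project). It reports the driver name only when it appears next to a double-free, panic or allocation-failure line. The match patterns, the 8-line correlation window, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage kernel log text for the log indicators listed above.
WINDOW=8   # assumption: lines after an indicator searched for the driver name

# Reads kernel log text on stdin. For each indicator line prints
# "<kind> atlantic=<yes|no>"; "yes" means the driver name appears on that
# line or within the next WINDOW lines (typically the stack trace).
triage_kernel_log() {
    awk -v win="$WINDOW" '
        function emit() {
            if (kind != "") print kind, "atlantic=" (hit ? "yes" : "no")
            kind = ""
        }
        {
            l = tolower($0); k = ""
            if (l ~ /double[- ]free/)                 k = "double-free"
            else if (l ~ /kernel panic/)              k = "panic"
            else if (l ~ /page allocation failure/)   k = "alloc-failure"
            if (k != "") { emit(); kind = k; hit = 0; left = win + 1 }
            if (kind != "") {
                if (l ~ /atlantic/) hit = 1
                if (--left == 0) emit()
            }
        }
        END { emit() }
    '
}

# Constructed sample lines (function names are placeholders, not real symbols).
sample_log() {
    cat <<'EOF'
[   12.100000] atlantic 0000:01:00.0 enp1s0: link up
[  300.500000] kworker/u8:2: page allocation failure: order:4
[  300.500100]  example_alloc+0x20/0x60 [atlantic]
[  300.600000] BUG: KASAN: double-free in example_free+0x1a/0x40 [atlantic]
[  300.600100] Call Trace:
[  900.000000] stress: page allocation failure: order:0
[  900.000100]  example_other+0x10/0x30 [ext4]
EOF
}

sample_log | triage_kernel_log
```

On a live host, pipe `dmesg` or `journalctl -k` output into `triage_kernel_log` in place of `sample_log`.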
