CVE-2023-52835

7.8 HIGH

📋 TL;DR

A memory allocation vulnerability in the Linux kernel's perf subsystem allows denial of service when a large AUX buffer area is requested. This affects Linux systems where perf events are used, particularly with ARM SPE (Statistical Profiling Extension) hardware. Attackers with local access can crash the kernel by triggering the WARNING condition (a kernel WARNING escalates to a panic on systems where kernel.panic_on_warn is set).

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions are not explicitly stated in the CVE, but patches exist for stable kernel trees; versions before the fix commits are likely affected.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires perf subsystem access and the ability to request a large AUX buffer (e.g., 4GB). ARM SPE events are specifically mentioned, but other perf AUX users may also be affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker causes kernel panic/DoS by triggering the WARNING with large AUX buffer requests, potentially disrupting system availability (the WARNING only becomes a panic where kernel.panic_on_warn is set; otherwise the result is a failed mmap and a kernel log entry).

🟠 Likely Case: Accidental triggering by legitimate perf users with large buffer configurations leads to failed perf operations and kernel warnings in logs.

🟢 If Mitigated: Proper access controls prevent unauthorized users from running perf, limiting impact to privileged users only.

🌐 Internet-Facing: LOW - Requires local access to execute perf commands, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could trigger DoS, but requires perf access privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple command execution with specific parameters.

Exploitation requires local user access and ability to run perf with large AUX buffer parameters. No privilege escalation or code execution demonstrated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel commits: 1a2a4202c60fcdffbf04f259002ce9bff39edece, 2424410f94a94d91230ced094062d859714c984a, 2e905e608e38cf7f8dcddcf8a6036e91a78444cb, 54aee5f15b83437f23b2b2469bcf21bdd9823916, 788c0b3442ead737008934947730a6d1ff703734

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check distribution security advisories for backported patches.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Restrict perf access


Limit perf subsystem usage to trusted users via the kernel.perf_event_paranoid sysctl or capabilities. Note that level 3 is a distribution addition (Debian and Android kernels carry it); on an upstream kernel 2 is the strictest level and still allows unprivileged user-space-only events, so combine this with the binary-permission workaround below.

sysctl -w kernel.perf_event_paranoid=3
echo 'kernel.perf_event_paranoid=3' >> /etc/sysctl.conf
sysctl -p

Disable perf for untrusted users


Use Linux security modules or capabilities to prevent unauthorized perf usage. Restricting the perf binary only stops casual use: any local user can still call perf_event_open(2) directly or bring their own copy of perf, so this complements the sysctl rather than replacing it.

setcap -r /usr/bin/perf
chmod 750 /usr/bin/perf

🧯 If You Can't Patch

  • Restrict perf command access to root/admin users only via filesystem permissions.
  • Monitor system logs for perf-related WARNING messages and investigate unauthorized usage.

🔍 How to Verify

Check if Vulnerable:

Attempt perf record with large AUX buffer: 'perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1' (if supported). Check kernel logs for WARNING about __alloc_pages.

Check Version:

uname -r

Verify Fix Applied:

After patching, the same command should fail gracefully with a 'Cannot allocate memory' error and no kernel WARNING in the logs.

📡 Detection & Monitoring

Log Indicators:

  • Kernel WARNING messages containing '__alloc_pages' and call trace with 'rb_alloc_aux'
  • Failed perf commands with 'Cannot allocate memory' errors

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kernel" AND "WARNING" AND "__alloc_pages" AND "rb_alloc_aux"
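An added example, not part of this advisory: a Python parser, run over constructed dmesg-style lines, that groups each kernel WARNING with its call-trace frames before applying the indicators above. The '__alloc_pages' WARNING line and the 'rb_alloc_aux' frame are separate log lines, so a single-event AND such as the SIEM query only matches where the whole trace is ingested as one multi-line event; grouping by block avoids that gap.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of dmesg-style output (not a real capture): a WARNING raised in
# __alloc_pages whose call trace passes through rb_alloc_aux, followed by an unrelated
# WARNING that must not be reported. Timestamps, PIDs, line numbers and offsets are made up.
SAMPLE_LOG = """\
[  512.100002] WARNING: CPU: 3 PID: 4242 at mm/page_alloc.c:1234 __alloc_pages+0x1ec/0x248
[  512.100003] Call trace:
[  512.100004]  __alloc_pages+0x1ec/0x248
[  512.100005]  __kmalloc_large_node+0xc0/0x1f8
[  512.100006]  rb_alloc_aux+0xe0/0x298
[  512.100008] ---[ end trace 0000000000000000 ]---
[  900.200001] WARNING: CPU: 0 PID: 77 at drivers/example/dev.c:99 example_probe+0x10/0x20
[  900.200002] Call trace:
[  900.200003]  example_probe+0x10/0x20
[  900.200004] ---[ end trace 0000000000000000 ]---
"""
TS_RE = re.compile(r"^\[\s*\d+\.\d+\] ?")          # strips the "[  512.1] " prefix
WARN_RE = re.compile(r"^WARNING: CPU: (\d+) PID: (\d+) at (\S+) (\S+)")
FRAME_RE = re.compile(r"^\s+([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")  # indented trace frame
@dataclass
class KernelWarning:
    cpu: int
    pid: int
    site: str                                    # file:line of the WARN
    func: str                                    # function the WARNING fired in
    frames: list[str] = field(default_factory=list)  # call-trace symbols, top first

def parse_warnings(log_text: str) -> list[KernelWarning]:
    """Group log lines into WARNING blocks, attaching each block's call-trace frames."""
    blocks: list[KernelWarning] = []
    current: KernelWarning | None = None
    for raw in log_text.splitlines():
        line = TS_RE.sub("", raw)
        if m := WARN_RE.match(line):
            current = KernelWarning(int(m[1]), int(m[2]), m[3], m[4])
            blocks.append(current)
        elif current is None:
            continue                              # frames outside any WARNING block
        elif line.startswith("---[ end trace"):
            current = None                        # block closed
        elif f := FRAME_RE.match(line):
            current.frames.append(f[1])
    return blocks

def find_aux_alloc_warnings(log_text: str) -> list[KernelWarning]:
    """Keep only WARNINGs raised in __alloc_pages whose trace passes through rb_alloc_aux."""
    return [w for w in parse_warnings(log_text)
            if w.func.startswith("__alloc_pages") and "rb_alloc_aux" in w.frames]
```

Feed it `dmesg` or `journalctl -k` output; each hit carries the PID to correlate with audit or process-accounting records for the perf invocation.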
