CVE-2023-52859
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's perf subsystem for HiSilicon uncore PMU (Performance Monitoring Unit) registration. When PMU registration fails, error handling code incorrectly triggers cleanup routines that can access freed memory, potentially leading to kernel crashes or privilege escalation. This affects Linux systems using HiSilicon hardware with the perf subsystem enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to root if an attacker can trigger the vulnerability and control the freed memory region.
Likely Case
System instability, kernel crashes, or denial of service when perf subsystem operations fail on affected HiSilicon hardware.
If Mitigated
Minimal impact if systems don't use HiSilicon hardware or have perf subsystem disabled; otherwise, system crashes without privilege escalation.
🎯 Exploit Status
Exploitation requires local access, ability to trigger perf PMU registration failures, and specific HiSilicon hardware. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions that include commit 0e1e88bba286621b886218363de07b319d6208b2 or an equivalent fix
Vendor Advisory: https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. For custom kernels, apply git commit 0e1e88bba286621b886218363de07b319d6208b2.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable perf subsystem for HiSilicon hardware
Prevent loading of vulnerable HiSilicon perf driver module
echo 'blacklist hisi_uncore_pmu' >> /etc/modprobe.d/blacklist.conf
rmmod hisi_uncore_pmu 2>/dev/null || true
Disable kernel module autoload
Prevent automatic loading of vulnerable module
echo 'install hisi_uncore_pmu /bin/false' >> /etc/modprobe.d/disable.conf
🧯 If You Can't Patch
- Restrict local user access to systems with HiSilicon hardware
- Monitor system logs for perf-related crashes or errors
🔍 How to Verify
Check if Vulnerable:
Check if HiSilicon perf module is loaded:
lsmod | grep hisi_uncore_pmu
If loaded and kernel version is unpatched, system is vulnerable.
Check Version:
uname -r
Verify Fix Applied:
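Verify kernel version includes fix commit: a running kernel does not expose the commit IDs it was built from, and /proc/version_signature holds only a version string, so it cannot be searched for the fix commit. Compare the output of uname -r with the fixed version your distribution lists for this CVE (check with distribution for backported fixes).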
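The loaded-module check and the two modprobe.d workarounds above can be combined into one exposure check. The script below is an added example, not part of the advisory; the PROC_MODULES and MODPROBE_DIR overrides are names introduced here, and it assumes the rules live in /etc/modprobe.d. It separates a blacklist rule, which only stops alias-based autoloading, from an install ... /bin/false rule, which makes modprobe itself fail.

```shell
#!/bin/sh
# Added example (not from the advisory): classify exposure to the
# hisi_uncore_pmu module from /proc/modules and modprobe.d rules.
MODULE=hisi_uncore_pmu

# True if MODULE is listed in a /proc/modules-format file ($1).
module_loaded() {
    awk -v m="$MODULE" '$1 == m { hit = 1 } END { exit !hit }' "$1" 2>/dev/null
}

# True if directory $2 holds an active rule of kind $1 for MODULE.
#   blacklist: only stops alias-based autoloading; an explicit
#              "modprobe hisi_uncore_pmu" still loads the module.
#   install:   replaces the load command, so modprobe fails when the
#              command is /bin/false, as in the second workaround.
has_rule() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$MODULE" -v kind="$1" '
        /^[ \t]*#/ { next }                    # skip commented-out rules
        { name = $2; gsub(/-/, "_", name) }    # modprobe treats - and _ alike
        $1 == kind && name == m {
            if (kind == "blacklist" || $3 == "/bin/false") hit = 1
        }
        END { exit !hit }'
}

# Prints one of: loaded | blocked | autoload-off | loadable
exposure_state() {
    if module_loaded "$1"; then echo loaded
    elif has_rule install "$2"; then echo blocked
    elif has_rule blacklist "$2"; then echo autoload-off
    else echo loadable
    fi
}

# Live check; set the two variables to inspect saved copies instead.
exposure_state "${PROC_MODULES:-/proc/modules}" "${MODPROBE_DIR:-/etc/modprobe.d}"
```

A result of loaded on an unpatched kernel matches the vulnerable condition described above; autoload-off means the module can still be loaded by an explicit modprobe.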
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to perf or hisi_uncore_pmu
- System crashes during perf operations
- dmesg errors mentioning use-after-free in perf subsystem
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("perf" OR "hisi_uncore" OR "use-after-free")
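The query above matches any kernel line containing "perf", which is noisy on busy hosts. The filter below is an added example, not part of the advisory: it reports only crash headers (KASAN use-after-free, oops, "Unable to handle kernel") whose report body mentions hisi_uncore. The sample log is constructed and abbreviated, and the example_* symbol names are placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory): kernel-log triage for crash
# reports that involve the hisi_uncore driver.

# Constructed, abbreviated sample log; example_* symbols are placeholders.
sample_log() {
cat <<'EOF'
[  101.000001] perf: interrupt took too long (2501 > 2500), lowering kernel.perf_event_max_sample_rate
[  212.400000] ==================================================================
[  212.400010] BUG: KASAN: use-after-free in example_cleanup+0x1c/0x40
[  212.400020] Call trace:
[  212.400030]  example_cleanup+0x1c/0x40
[  212.400040]  example_offline_cb+0x88/0x120 [hisi_uncore_pmu]
[  212.400050] ==================================================================
[  305.100000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[  305.100010] Call trace:
[  305.100020]  example_other+0x10/0x30 [ext4]
[  305.100030] ---[ end trace 0000000000000000 ]---
EOF
}

# Reads a kernel log on stdin and prints the header line of every crash
# report whose body references hisi_uncore. A report ends at a KASAN
# "=====" rule or an "end trace" marker; a report cut off by the end of
# the log is still flushed.
hisi_crash_reports() {
    awk '
        /BUG: KASAN: .*use-after-free|Oops|Unable to handle kernel/ {
            if (!open) { header = $0; open = 1; hit = 0 }
            if ($0 ~ /hisi_uncore/) hit = 1
            next
        }
        open && /hisi_uncore/ { hit = 1 }
        open && /==========|end trace/ { if (hit) print header; open = 0 }
        END { if (open && hit) print header }
    '
}

# Demo on the constructed sample; in practice pipe in dmesg or journalctl -k.
sample_log | hisi_crash_reports
```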
🔗 References
- https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2
- https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda
- https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63
- https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5
- https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735