CVE-2023-52973
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's virtual console screen driver (vc_screen). It allows attackers with local access to potentially execute arbitrary code or cause kernel crashes by exploiting a race condition between vcs_read() and vc_deallocate(). All Linux systems using affected kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context leading to complete system compromise.
Likely Case
Kernel crash leading to denial of service, or local privilege escalation if combined with other vulnerabilities.
If Mitigated
Limited to denial of service if kernel hardening features like KASAN or SLAB_FREELIST_HARDENED are enabled.
🎯 Exploit Status
Requires local access and race condition triggering. Syzkaller fuzzer discovered this, suggesting exploitability but no public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 226fae124b2dac217ea5436060d623ff3385bc34, 55515d7d8743b71b80bfe68e89eb9d92630626ab, 6332f52f44b9776568bf3c0b714ddfb0bb175e78, 8506f16aae9daf354e3732bcfd447e2a97f023df, af79ea9a2443016f64d8fd8d72020cc874f0e066
Vendor Advisory: https://git.kernel.org/stable/c/226fae124b2dac217ea5436060d623ff3385bc34
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For RHEL/CentOS: yum update kernel. 3. For Ubuntu/Debian: apt update && apt upgrade linux-image-*. 4. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable virtual consoles
allRemove virtual console access by disabling VT subsystem (not practical for most systems)
echo 'blacklist vt' > /etc/modprobe.d/blacklist-vt.conf
update-initramfs -u
🧯 If You Can't Patch
- Restrict access to /dev/vcs* devices using filesystem permissions
- Implement strict user privilege separation and limit local user access
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare with distribution's patched versions. Check if /dev/vcs devices exist.Check Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from vendor. Check git commit hash if building from source.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN use-after-free reports in dmesg
- OOM killer activity related to vt processes
Network Indicators:
- None - local exploit only
SIEM Query:
source="kernel" AND ("KASAN: use-after-free" OR "BUG: KASAN" OR "vc_screen" OR "vcs_read")🔗 References
- https://git.kernel.org/stable/c/226fae124b2dac217ea5436060d623ff3385bc34
- https://git.kernel.org/stable/c/55515d7d8743b71b80bfe68e89eb9d92630626ab
- https://git.kernel.org/stable/c/6332f52f44b9776568bf3c0b714ddfb0bb175e78
- https://git.kernel.org/stable/c/8506f16aae9daf354e3732bcfd447e2a97f023df
- https://git.kernel.org/stable/c/af79ea9a2443016f64d8fd8d72020cc874f0e066
- https://git.kernel.org/stable/c/d0332cbf53dad06a22189cc341391237f4ea6d9f
- https://git.kernel.org/stable/c/fc9e27f3ba083534b8bbf72ab0f5c810ffdc7d18
