CVE-2023-52504: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

x86/alternatives: Disable KASAN in apply_alternatives()

Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine:

    BUG: KASAN: out-of-bounds in rcu_is_watching()
    Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
    ...
    __asan_load4()
    rcu_is_watching()
    trace_hardirqs_on()
    text_poke_early()
    apply_alternatives()
    ...

On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().

KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users.

A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.

Fix it for real by disabling KASAN while the kernel is patching alternatives.

[ mingo: updated the changelog ]
AI Analysis
Technical Summary
CVE-2023-52504 is a defect in the Linux kernel's interaction between the Kernel Address Sanitizer (KASAN) and the apply_alternatives() function on x86 systems with 5-level paging (the LA57 feature). KASAN, a dynamic memory error detector used to find out-of-bounds and use-after-free bugs, produces a false report while apply_alternatives() is patching kernel code alternatives. The root cause is that KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which on x86 is defined through the cpu_feature_enabled() check for LA57; that check is itself patched by apply_alternatives(), so the code KASAN relies on to locate its shadow memory is being rewritten by the very patching pass that KASAN instruments. When apply_alternatives() runs early in boot, KASAN therefore flags an out-of-bounds read in rcu_is_watching() (reached via trace_hardirqs_on() from text_poke_early()), producing a BUG report and potential kernel instability. The fix disables KASAN while alternatives are being patched, which removes the false positive. The issue does not appear to be exploitable for privilege escalation or code execution, but it can crash or destabilize affected kernels. No exploits are known in the wild. Affected kernels are those built with KASAN that predate the fix and run on 5-level paging hardware; 5-level paging is a relatively recent x86_64 feature that enlarges the virtual address space.
Potential Impact
For European organizations, the impact of CVE-2023-52504 is primarily related to system stability and reliability rather than direct security compromise. Systems running Linux kernels with 5-level paging enabled and KASAN active could experience kernel panics or crashes during early boot or kernel patching phases, potentially leading to downtime or service disruption. This is particularly relevant for organizations relying on custom or cutting-edge Linux kernels that enable 5-level paging and KASAN for debugging or security hardening purposes. While this vulnerability does not directly expose systems to remote code execution or privilege escalation, the resulting instability could affect critical infrastructure, cloud services, or embedded systems that depend on Linux. European enterprises in sectors such as telecommunications, finance, and manufacturing that deploy Linux-based servers or network devices with these kernel features might face operational disruptions. However, the limited scope (5-level paging machines with KASAN enabled) reduces the overall risk to the broader Linux user base. Since no known exploits exist, the immediate threat level is low but warrants patching to maintain kernel integrity and prevent unexpected failures.
Mitigation Recommendations
To mitigate CVE-2023-52504, organizations should apply the official Linux kernel patch that disables KASAN while apply_alternatives() runs. The fix is integrated into recent kernel releases and stops KASAN from raising false out-of-bounds reports during early kernel text patching. Specifically, system administrators and kernel maintainers should:
1) Identify Linux systems running kernels built with KASAN on hardware with 5-level paging enabled, especially in development or debugging environments.
2) Update to the latest stable Linux kernel versions that include the fix for this issue.
3) If custom kernels are used, backport the patch that disables KASAN during apply_alternatives(), or, as a stopgap, apply the test workaround from the commit message that makes KASAN_SHADOW_START static by replacing __VIRTUAL_MASK_SHIFT with 56 so it no longer depends on the patched cpu_feature_enabled() check.
4) Test kernel updates in controlled environments to ensure stability before production deployment.
5) Monitor kernel logs for KASAN BUG reports that name rcu_is_watching(), text_poke_early() and apply_alternatives(); that signature indicates an unpatched kernel.
Since the issue lies in a kernel debugging feature, disabling KASAN entirely on production systems that do not need it also removes exposure; weigh that against the value of KASAN for memory error detection.
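As an added example (not part of the advisory or of the kernel tree), a small POSIX shell triage helper for steps 1 and 5 above: it scopes a host by kernel config and CPU flags and searches a kernel log for the report signature quoted in the description. CONFIG_KASAN, CONFIG_X86_5LEVEL and the la57 cpuinfo flag are the real kernel and cpuinfo names; the sample files and their contents are constructed so the script runs offline.

```shell
#!/bin/sh
# Added triage helper for steps 1 and 5 above; it is not part of the advisory
# or of the kernel. It works on a kernel config, a /proc/cpuinfo dump and a
# kernel log. Constructed samples are written to a temp dir so it runs offline;
# on a live host pass /boot/config-$(uname -r), /proc/cpuinfo and "dmesg" output.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Step 1: kernel built with KASAN and 5-level paging, on a CPU advertising la57.
# Approximation: CONFIG_X86_5LEVEL=y plus la57 means 5-level paging is possible,
# unless the kernel was booted with no5lvl (check /proc/cmdline for that).
in_scope() {
    grep -q '^CONFIG_KASAN=y' "$1" || return 1
    grep -q '^CONFIG_X86_5LEVEL=y' "$1" || return 1
    grep -qw 'la57' "$2"
}

# Step 5: the report signature quoted in the description: a KASAN out-of-bounds
# in rcu_is_watching() with text_poke_early()/apply_alternatives() on the stack.
kasan_alternatives_report() {
    grep -q 'BUG: KASAN: out-of-bounds in rcu_is_watching' "$1" &&
    grep -q 'text_poke_early' "$1" &&
    grep -q 'apply_alternatives' "$1"
}

# Constructed samples (not real captures).
printf 'CONFIG_KASAN=y\nCONFIG_X86_5LEVEL=y\n' > "$WORK/config-affected"
printf 'CONFIG_X86_5LEVEL=y\n# CONFIG_KASAN is not set\n' > "$WORK/config-nokasan"
printf 'flags\t\t: fpu vme pse la57 smap\n' > "$WORK/cpuinfo-la57"
printf 'flags\t\t: fpu vme pse smap\n' > "$WORK/cpuinfo-4level"
cat > "$WORK/dmesg-hit" <<'EOF'
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
 __asan_load4()
 rcu_is_watching()
 trace_hardirqs_on()
 text_poke_early()
 apply_alternatives()
EOF
printf 'usb 1-1: new high-speed USB device\n' > "$WORK/dmesg-clean"

if in_scope "$WORK/config-affected" "$WORK/cpuinfo-la57"; then
    echo "in scope: KASAN + 5-level paging"
fi
if kasan_alternatives_report "$WORK/dmesg-hit"; then
    echo "log carries the apply_alternatives() KASAN report"
fi
```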
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Estonia
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-20T12:30:33.314Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7b7f
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/1/2025, 9:55:39 AM
Last updated: 8/15/2025, 12:19:03 AM