CVE-2023-52562: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache (at rmmod time), we might end up releasing the kmem_cache object without removing it from the slab_caches list thus corrupting the list as kmem_cache_destroy() ignores the return value from shutdown_cache(), which in turn never removes the kmem_cache object from slabs_list in case __kmem_cache_shutdown() fails to release all of the cache's slabs. This is easily observable on a kernel built with CONFIG_DEBUG_LIST=y as after that ill release the system will immediately trip on list_add, or list_del, assertions similar to the one shown below as soon as another kmem_cache gets created, or destroyed: [ 1041.213632] list_del corruption. next->prev should be ffff89f596fb5768, but was 52f1e5016aeee75d. (next=ffff89f595a1b268) [ 1041.219165] ------------[ cut here ]------------ [ 1041.221517] kernel BUG at lib/list_debug.c:62! [ 1041.223452] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 1041.225408] CPU: 2 PID: 1852 Comm: rmmod Kdump: loaded Tainted: G B W OE 6.5.0 #15 [ 1041.228244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023 [ 1041.231212] RIP: 0010:__list_del_entry_valid+0xae/0xb0 Another quick way to trigger this issue, in a kernel with CONFIG_SLUB=y, is to set slub_debug to poison the released objects and then just run cat /proc/slabinfo after removing the module that leaks slab objects, in which case the kernel will panic: [ 50.954843] general protection fault, probably for non-canonical address 0xa56b6b6b6b6b6b8b: 0000 [#1] PREEMPT SMP PTI [ 50.961545] CPU: 2 PID: 1495 Comm: cat Kdump: loaded Tainted: G B W OE 6.5.0 #15 [ 50.966808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023 [ 50.972663] RIP: 0010:get_slabinfo+0x42/0xf0 This patch fixes this issue by properly checking shutdown_cache()'s return value before taking the kmem_cache_release() branch.
AI Analysis
Technical Summary
CVE-2023-52562 is a vulnerability in the Linux kernel's memory management subsystem, specifically related to slab cache handling in the kernel's slab allocator. The flaw arises when a kernel module creates a slab cache but fails to release all allocated objects before destroying the cache during module removal (rmmod). In such cases, the kmem_cache object may be released without being properly removed from the global slab_caches list, leading to list corruption. This occurs because the kmem_cache_destroy() function ignores the return value of shutdown_cache(), which is responsible for releasing all slabs associated with the cache. If shutdown_cache() fails to release all slabs, the kmem_cache object remains in the slab_caches list, causing corruption when subsequent slab caches are created or destroyed. This corruption manifests as kernel list manipulation errors, triggering kernel BUGs and invalid opcode exceptions, as well as potential kernel panics when slab debugging features are enabled (e.g., CONFIG_DEBUG_LIST or CONFIG_SLUB with slub_debug enabled). The vulnerability is triggered by improper handling of slab cache shutdown in kernel modules and can cause system instability or crashes. The patch fixes the issue by properly checking the return value of shutdown_cache() before proceeding with kmem_cache_release(), ensuring that the slab_caches list remains consistent and preventing list corruption.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions, especially those that load and unload kernel modules dynamically. The impact includes potential system crashes, kernel panics, and denial of service conditions due to memory allocator corruption. This can disrupt critical services, especially in environments relying on Linux servers for infrastructure, cloud services, or embedded systems. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting instability can lead to service outages and operational disruptions. Organizations running custom kernel modules or third-party kernel extensions are at higher risk if those modules do not properly release slab objects. The vulnerability is particularly relevant for data centers, cloud providers, and enterprises with Linux-based infrastructure in Europe, where uptime and reliability are critical. Additionally, the presence of debugging features like CONFIG_DEBUG_LIST or SLUB debugging in production kernels may increase the likelihood of kernel panics triggered by this flaw.
Mitigation Recommendations
European organizations should promptly update their Linux kernels to versions that include the patch for CVE-2023-52562. Kernel maintainers and system administrators should audit kernel modules to ensure they correctly release all allocated slab objects before cache destruction. For environments using custom or third-party kernel modules, source code review and testing should verify proper slab cache shutdown behavior. Disabling debugging features like CONFIG_DEBUG_LIST and SLUB debugging in production environments can reduce the risk of kernel panics caused by this vulnerability, although this is not a substitute for patching. Organizations should implement rigorous kernel update policies and test kernel updates in staging environments to prevent unexpected downtime. Monitoring kernel logs for list corruption or slab allocator errors can help detect exploitation attempts or module misbehavior. Finally, limiting the ability to load and unload kernel modules to trusted administrators reduces the attack surface related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2023-52562: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache (at rmmod time), we might end up releasing the kmem_cache object without removing it from the slab_caches list thus corrupting the list as kmem_cache_destroy() ignores the return value from shutdown_cache(), which in turn never removes the kmem_cache object from slabs_list in case __kmem_cache_shutdown() fails to release all of the cache's slabs. This is easily observable on a kernel built with CONFIG_DEBUG_LIST=y as after that ill release the system will immediately trip on list_add, or list_del, assertions similar to the one shown below as soon as another kmem_cache gets created, or destroyed: [ 1041.213632] list_del corruption. next->prev should be ffff89f596fb5768, but was 52f1e5016aeee75d. (next=ffff89f595a1b268) [ 1041.219165] ------------[ cut here ]------------ [ 1041.221517] kernel BUG at lib/list_debug.c:62! [ 1041.223452] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 1041.225408] CPU: 2 PID: 1852 Comm: rmmod Kdump: loaded Tainted: G B W OE 6.5.0 #15 [ 1041.228244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023 [ 1041.231212] RIP: 0010:__list_del_entry_valid+0xae/0xb0 Another quick way to trigger this issue, in a kernel with CONFIG_SLUB=y, is to set slub_debug to poison the released objects and then just run cat /proc/slabinfo after removing the module that leaks slab objects, in which case the kernel will panic: [ 50.954843] general protection fault, probably for non-canonical address 0xa56b6b6b6b6b6b8b: 0000 [#1] PREEMPT SMP PTI [ 50.961545] CPU: 2 PID: 1495 Comm: cat Kdump: loaded Tainted: G B W OE 6.5.0 #15 [ 50.966808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023 [ 50.972663] RIP: 0010:get_slabinfo+0x42/0xf0 This patch fixes this issue by properly checking shutdown_cache()'s return value before taking the kmem_cache_release() branch.
AI-Powered Analysis
Technical Analysis
CVE-2023-52562 is a vulnerability in the Linux kernel's memory management subsystem, specifically related to slab cache handling in the kernel's slab allocator. The flaw arises when a kernel module creates a slab cache but fails to release all allocated objects before destroying the cache during module removal (rmmod). In such cases, the kmem_cache object may be released without being properly removed from the global slab_caches list, leading to list corruption. This occurs because the kmem_cache_destroy() function ignores the return value of shutdown_cache(), which is responsible for releasing all slabs associated with the cache. If shutdown_cache() fails to release all slabs, the kmem_cache object remains in the slab_caches list, causing corruption when subsequent slab caches are created or destroyed. This corruption manifests as kernel list manipulation errors, triggering kernel BUGs and invalid opcode exceptions, as well as potential kernel panics when slab debugging features are enabled (e.g., CONFIG_DEBUG_LIST or CONFIG_SLUB with slub_debug enabled). The vulnerability is triggered by improper handling of slab cache shutdown in kernel modules and can cause system instability or crashes. The patch fixes the issue by properly checking the return value of shutdown_cache() before proceeding with kmem_cache_release(), ensuring that the slab_caches list remains consistent and preventing list corruption.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions, especially those that load and unload kernel modules dynamically. The impact includes potential system crashes, kernel panics, and denial of service conditions due to memory allocator corruption. This can disrupt critical services, especially in environments relying on Linux servers for infrastructure, cloud services, or embedded systems. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting instability can lead to service outages and operational disruptions. Organizations running custom kernel modules or third-party kernel extensions are at higher risk if those modules do not properly release slab objects. The vulnerability is particularly relevant for data centers, cloud providers, and enterprises with Linux-based infrastructure in Europe, where uptime and reliability are critical. Additionally, the presence of debugging features like CONFIG_DEBUG_LIST or SLUB debugging in production kernels may increase the likelihood of kernel panics triggered by this flaw.
Mitigation Recommendations
European organizations should promptly update their Linux kernels to versions that include the patch for CVE-2023-52562. Kernel maintainers and system administrators should audit kernel modules to ensure they correctly release all allocated slab objects before cache destruction. For environments using custom or third-party kernel modules, source code review and testing should verify proper slab cache shutdown behavior. Disabling debugging features like CONFIG_DEBUG_LIST and SLUB debugging in production environments can reduce the risk of kernel panics caused by this vulnerability, although this is not a substitute for patching. Organizations should implement rigorous kernel update policies and test kernel updates in staging environments to prevent unexpected downtime. Monitoring kernel logs for list corruption or slab allocator errors can help detect exploitation attempts or module misbehavior. Finally, limiting the ability to load and unload kernel modules to trusted administrators reduces the attack surface related to this vulnerability.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-03-02T21:55:42.566Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9821c4522896dcbdd7eb
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 1:25:59 AM
Last updated: 8/8/2025, 6:19:19 AM
Views: 10
Related Threats
CVE-2025-8864: CWE-532 Insertion of Sensitive Information into Log File in YugabyteDB Inc YugabyteDB Anywhere
MediumCVE-2025-8851: Stack-based Buffer Overflow in LibTIFF
MediumCVE-2025-8863: CWE-319 Cleartext Transmission of Sensitive Information in YugabyteDB Inc YugabyteDB
HighCVE-2025-8847: Cross Site Scripting in yangzongzhuan RuoYi
MediumCVE-2025-8839: Improper Authorization in jshERP
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.