
CVE-2023-52859: Vulnerability in Linux Linux

High
Published: Tue May 21 2024 (05/21/2024, 15:31:52 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

perf: hisi: Fix use-after-free when register pmu fails

When we fail to register the uncore pmu, the pmu context may not have been allocated. The error handling will call cpuhp_state_remove_instance() to call the uncore pmu offline callback, which migrates the pmu context. That's liable to lead to some kind of use-after-free.

Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has failed to register.

AI-Powered Analysis

Last updated: 07/01/2025, 07:56:11 UTC

Technical Analysis

CVE-2023-52859 is a vulnerability in the Linux kernel's performance monitoring unit (PMU) subsystem, specifically in the handling of the HiSilicon (hisi) uncore PMU. The issue arises when the kernel attempts to register an uncore PMU device and the registration fails. Under normal operation, the PMU context is allocated and managed properly. If registration fails, however, the PMU context may not be allocated, yet the error handling code still calls cpuhp_state_remove_instance(), which triggers the uncore PMU offline callback. This callback attempts to migrate the PMU context, leading to a use-after-free condition because the context does not exist or has already been freed.

This use-after-free could lead to kernel memory corruption, causing system instability or crashes, or potentially enabling privilege escalation or arbitrary code execution if exploited. The fix replaces the call to cpuhp_state_remove_instance() with cpuhp_state_remove_instance_nocalls(), which prevents the notifiers from executing after the PMU device registration failure and so avoids the use-after-free scenario.

This vulnerability affects Linux kernel versions containing the specified commit hashes and is relevant to systems using the hisi uncore PMU driver. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
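The error path described above, as a small userspace C model added here (it is not the kernel's or the driver's code). The `model_*` names are hypothetical stand-ins, and the model assumes the hotplug instance is added before PMU registration is attempted, as the error handling implies; it counts each time the offline callback reaches a context that was never allocated instead of dereferencing it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: hypothetical stand-ins for the kernel objects, not kernel code. */
struct model_pmu {
    int *ctx;            /* models the PMU context; exists only after a successful register */
    bool hp_instance;    /* models the CPU hotplug instance added during probe */
    int invalid_ctx_use; /* times the offline callback reached a missing context */
};

/* Models the uncore PMU offline callback, which migrates the PMU context. */
static void model_offline_cb(struct model_pmu *p)
{
    if (p->ctx)
        *p->ctx += 1;          /* stand-in for migrating a valid context */
    else
        p->invalid_ctx_use++;  /* where the real callback would touch invalid memory */
}

/* callbacks=true models cpuhp_state_remove_instance(); false models the _nocalls() variant. */
static void model_remove_instance(struct model_pmu *p, bool callbacks)
{
    if (callbacks)
        model_offline_cb(p);
    p->hp_instance = false;
}

/* Models probe: add the hotplug instance, try to register, unwind on failure. */
static int model_probe(struct model_pmu *p, bool register_ok, bool fixed)
{
    p->ctx = NULL;
    p->invalid_ctx_use = 0;
    p->hp_instance = true;
    if (!register_ok) {
        model_remove_instance(p, !fixed);  /* error path: with or without callbacks */
        return -1;
    }
    p->ctx = calloc(1, sizeof(*p->ctx));   /* context exists only on success */
    return p->ctx ? 0 : -1;
}

int main(void)
{
    struct model_pmu before, after;
    model_probe(&before, false, false);
    model_probe(&after, false, true);
    printf("before fix: %d, after fix: %d\n", before.invalid_ctx_use, after.invalid_ctx_use);
    return 0;
}
```

In both variants the hotplug instance is removed on failure; only the unfixed path runs the callback against the missing context.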

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the affected hisi uncore PMU driver, which is commonly found in servers and embedded systems using HiSilicon hardware components. The use-after-free condition could lead to kernel crashes or memory corruption, potentially causing denial of service or enabling attackers to escalate privileges if combined with other vulnerabilities. This is particularly critical for data centers, cloud service providers, and enterprises relying on Linux-based infrastructure for critical operations. The impact could extend to service outages, data integrity issues, and increased risk of targeted attacks exploiting kernel vulnerabilities. Given the absence of known exploits, the immediate risk is moderate, but the potential for future exploitation necessitates prompt patching. Organizations in sectors such as finance, telecommunications, and government, which often use Linux servers and have stringent uptime and security requirements, may face significant operational and reputational risks if this vulnerability is exploited.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2023-52859. Since the vulnerability is related to the hisi uncore PMU driver, organizations using HiSilicon hardware should verify the kernel versions deployed and apply vendor-provided patches or mainline kernel updates promptly. Additionally, organizations should audit their systems to identify any use of the affected PMU drivers and disable or restrict access to performance monitoring features if immediate patching is not feasible. Implementing kernel live patching solutions can reduce downtime during updates. Monitoring kernel logs for unusual errors related to PMU registration failures can help detect exploitation attempts. Finally, maintaining a robust incident response plan and ensuring backups and system snapshots are current will mitigate potential damage from exploitation.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T15:19:24.260Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9831c4522896dcbe7757

Added to database: 5/21/2025, 9:09:05 AM

Last enriched: 7/1/2025, 7:56:11 AM

Last updated: 8/14/2025, 6:06:20 AM
