#VU90024 Memory leak in Linux kernel - CVE-2023-52560


| Updated: 2025-05-14

Vulnerability identifier: #VU90024

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52560

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the damon_do_test_apply_three_regions() function in mm/damon/vaddr-test.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.1.55, 6.5 - 6.5.5, 6.6 rc1 - 6.6 rc6

External links
https://git.kernel.org/stable/c/9a4fe81a8644b717d57d81ce5849e16583b13fe8
https://git.kernel.org/stable/c/6b522001693aa113d97a985abc5f6932972e8e86
https://git.kernel.org/stable/c/45120b15743fa7c0aa53d5db6dfb4c8f87be4abd
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.56
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Storage Scale System
Multiple vulnerabilities in IBM Integrated Analytics System
Multiple vulnerabilities in IBM Guardium Data Protection
Anolis OS update for kernel
Multiple vulnerabilities in IBM Technical Suppport Appliance
Multiple vulnerabilities in IBM QRadar Network Packet Capture
Multiple vulnerabilities in IBM Storage Copy Data Management
Multiple vulnerabilities in IBM Storage Protect Plus
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Multiple vulnerabilities in Juniper Secure Analytics (JSA)