Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dcfn-6n5x-gqfn
Vulnerability ID VCID-dcfn-6n5x-gqfn
Aliases CVE-2023-52797
Summary In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Check find_first_bit() return value We must check the return value of find_first_bit() before using the return value as an index array since it happens to overflow the array and then panic: [ 107.318430] Kernel BUG [#1] [ 107.319434] CPU: 3 PID: 1238 Comm: kill Tainted: G E 6.6.0-rc6ubuntu-defconfig #2 [ 107.319465] Hardware name: riscv-virtio,qemu (DT) [ 107.319551] epc : pmu_sbi_ovf_handler+0x3a4/0x3ae [ 107.319840] ra : pmu_sbi_ovf_handler+0x52/0x3ae [ 107.319868] epc : ffffffff80a0a77c ra : ffffffff80a0a42a sp : ffffaf83fecda350 [ 107.319884] gp : ffffffff823961a8 tp : ffffaf8083db1dc0 t0 : ffffaf83fecda480 [ 107.319899] t1 : ffffffff80cafe62 t2 : 000000000000ff00 s0 : ffffaf83fecda520 [ 107.319921] s1 : ffffaf83fecda380 a0 : 00000018fca29df0 a1 : ffffffffffffffff [ 107.319936] a2 : 0000000001073734 a3 : 0000000000000004 a4 : 0000000000000000 [ 107.319951] a5 : 0000000000000040 a6 : 000000001d1c8774 a7 : 0000000000504d55 [ 107.319965] s2 : ffffffff82451f10 s3 : ffffffff82724e70 s4 : 000000000000003f [ 107.319980] s5 : 0000000000000011 s6 : ffffaf8083db27c0 s7 : 0000000000000000 [ 107.319995] s8 : 0000000000000001 s9 : 00007fffb45d6558 s10: 00007fffb45d81a0 [ 107.320009] s11: ffffaf7ffff60000 t3 : 0000000000000004 t4 : 0000000000000000 [ 107.320023] t5 : ffffaf7f80000000 t6 : ffffaf8000000000 [ 107.320037] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 107.320081] [<ffffffff80a0a77c>] pmu_sbi_ovf_handler+0x3a4/0x3ae [ 107.320112] [<ffffffff800b42d0>] handle_percpu_devid_irq+0x9e/0x1a0 [ 107.320131] [<ffffffff800ad92c>] generic_handle_domain_irq+0x28/0x36 [ 107.320148] [<ffffffff8065f9f8>] riscv_intc_irq+0x36/0x4e [ 107.320166] [<ffffffff80caf4a0>] handle_riscv_irq+0x54/0x86 [ 107.320189] [<ffffffff80cb0036>] do_irq+0x64/0x96 [ 107.320271] Code: 85a6 855e b097 ff7f 80e7 9220 b709 9002 4501 bbd9 (9002) 6097 [ 107.320585] ---[ end trace 0000000000000000 ]--- [ 107.320704] Kernel panic - not syncing: Fatal exception in interrupt [ 107.320775] SMP: stopping secondary CPUs [ 107.321219] Kernel Offset: 0x0 from 0xffffffff80000000 [ 107.333051] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
Status Published
Exploitability 0.5
Weighted Severity 4.0
Risk 2.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-252 Unchecked Return Value
System Score Found at
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52797.json
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2023-52797
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2023-52797
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2023-52797
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2023-52797
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/2c86b24095fcf72cf51bc72d12e4350163b4e11d
ssvc Track https://git.kernel.org/stable/c/45a0de41ec383c8b7c6d442734ba3852dd2fc4a7
ssvc Track https://git.kernel.org/stable/c/c6e316ac05532febb0c966fa9b55f5258ed037be
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52797.json
https://api.first.org/data/v1/epss?cve=CVE-2023-52797
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2282726 https://bugzilla.redhat.com/show_bug.cgi?id=2282726
2c86b24095fcf72cf51bc72d12e4350163b4e11d https://git.kernel.org/stable/c/2c86b24095fcf72cf51bc72d12e4350163b4e11d
45a0de41ec383c8b7c6d442734ba3852dd2fc4a7 https://git.kernel.org/stable/c/45a0de41ec383c8b7c6d442734ba3852dd2fc4a7
c6e316ac05532febb0c966fa9b55f5258ed037be https://git.kernel.org/stable/c/c6e316ac05532febb0c966fa9b55f5258ed037be
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52797.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:26:12Z/ Found at https://git.kernel.org/stable/c/2c86b24095fcf72cf51bc72d12e4350163b4e11d
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:26:12Z/ Found at https://git.kernel.org/stable/c/45a0de41ec383c8b7c6d442734ba3852dd2fc4a7
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:26:12Z/ Found at https://git.kernel.org/stable/c/c6e316ac05532febb0c966fa9b55f5258ed037be
Exploit Prediction Scoring System (EPSS)
Percentile 0.29485
EPSS Score 0.00113
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:47:52.593772+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0