CVE-2023-52895: 
Linux Debian vulnerability analysis and mitigation

CVE-2023-52895 is a vulnerability in the Linux kernel related to io_uring/poll functionality. The issue specifically involves a poll race condition that can occur with multishot requests. The vulnerability was discovered and disclosed in August 2024, affecting Linux kernel version 6.1.7 and potentially other versions (NVD).

The vulnerability stems from a race condition in the io_uring/poll subsystem where a multishot armed request can cause a buffer leak when ring-provided buffers are used. The issue occurs when there's a spurious wakeup in multishot requests, even though the waitqueue is never left. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on system availability (NVD, Red Hat).

The primary impact of this vulnerability is on system availability, potentially leading to memory leaks. When exploited, it can cause resource consumption issues, particularly affecting memory resources, which could result in system instability or denial of service conditions (Red Hat).

A fix has been implemented in the Linux kernel that addresses the poll race condition. The solution involves not reissuing requests in case of poll race on multishot requests, as it's not necessary to rearm anything for these types of requests unlike singleshot poll requests (Kernel Patch).