CVE-2023-52973: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's virtual console (vcscreen) implementation. The vulnerability (CVE-2023-52973) was disclosed on March 27, 2025, affecting Linux kernel versions from 2.6.38 up to versions before 6.1.11. The issue occurs in the vcsread() function where the vcdata struct can be freed by vcdeallocate() after a call to console_unlock(), leading to a potential use-after-free condition (NVD).

The vulnerability stems from improper handling of struct vcdata pointer in the vcsread() function. After a call to consoleunlock(), the vcdata struct can be freed by vcdeallocate(), but the pointer load occurs too late in the function, leading to a use-after-free when vcssize() is called. The issue was detected by the Syzkaller kernel fuzzer, which reported a KASAN use-after-free error in vcssize at drivers/tty/vt/vcscreen.c:215. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (CISA-ADP).

The vulnerability could allow an attacker with local access to trigger a use-after-free condition, potentially leading to privilege escalation, information disclosure, or system crashes. The high CVSS score indicates that successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected system (CISA-ADP).

The vulnerability has been patched in the Linux kernel by moving the load of struct vcdata pointer to the top of the while loop in vcsread() to avoid the use-after-free condition. Multiple patches have been released to address this issue across different kernel versions (NVD).