CVE-2023-51781 - OpenCVE

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc5::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8
https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
https://nvd.nist.gov/vuln/detail/CVE-2023-51781
https://www.cve.org/CVERecord?id=CVE-2023-51781

History

Thu, 29 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Important`	threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-25T00:00:00

Updated: 2024-08-02T22:48:11.216Z

Reserved: 2023-12-25T00:00:00

Link: CVE-2023-51781

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-11T19:15:12.553

Modified: 2024-01-18T19:58:50.630

Link: CVE-2023-51781

Redhat

Severity : Moderate

Publid Date: 2024-01-10T00:00:00Z

Links: CVE-2023-51781 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-51781", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T22:48:11.216Z", "dateReserved": "2023-12-25T00:00:00", "datePublished": "2023-12-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-11T21:06:24.776598"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"}, {"url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"}, {"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"}, {"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:48:11.216Z"}, "title": "CVE Program Container", "references": [{"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8", "tags": ["x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"}, {"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5C35A7D-82A5-436F-925A-384D92679784", "versionEndExcluding": "6.6.8", "versionStartExcluding": "2.6.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.6.8. atalk_ioctl en net/appletalk/ddp.c tiene un use after free debido a una condici\u00f3n de ejecuci\u00f3n atalk_recvmsg."}], "id": "CVE-2023-51781", "lastModified": "2024-01-18T19:58:50.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-11T19:15:12.553", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: use-after-free in net/appletalk/ddp.c", "id": "2257683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257683"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.", "A use-after-free flaw was found in the Linux kernel's atalk_ioctl in net/appletalk/ddp.c, due to a race condition in atalk_recvmsg. This flaw allows an attacker to possibly gain unauthorized access, escalate privileges, or cause the system to crash."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-51781", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-01-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-51781\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-51781\nhttps://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8\nhttps://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"], "statement": "Only local user can trigger this issue as result of race condition. Based on this (high attack complexity) chosen Moderate impact level.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.8"}