{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52483", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.301Z", "datePublished": "2024-02-29T05:43:13.861Z", "dateUpdated": "2025-05-04T07:37:39.148Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:37:39.148Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: perform route lookups under a RCU read-side lock\n\nOur current route lookups (mctp_route_lookup and mctp_route_lookup_null)\ntraverse the net's route list without the RCU read lock held. This means\nthe route lookup is subject to preemption, resulting in an potential\ngrace period expiry, and so an eventual kfree() while we still have the\nroute pointer.\n\nAdd the proper read-side critical section locks around the route\nlookups, preventing premption and a possible parallel kfree.\n\nThe remaining net->mctp.routes accesses are already under a\nrcu_read_lock, or protected by the RTNL for updates.\n\nBased on an analysis from Sili Luo <rootlab@huawei.com>, where\nintroducing a delay in the route lookup could cause a UAF on\nsimultaneous sendmsg() and route deletion."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mctp/route.c"], "versions": [{"version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "6c52b12159049046483fdb0c411a0a1869c41a67", "status": "affected", "versionType": "git"}, {"version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "1db0724a01b558feb1ecae551782add1951a114a", "status": "affected", "versionType": "git"}, {"version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "2405f64a95a7a094eb24cba9bcfaffd1ea264de4", "status": "affected", "versionType": "git"}, {"version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "5093bbfc10ab6636b32728e35813cbd79feb063c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mctp/route.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.137", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.8", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.15.137"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.5.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67"}, {"url": "https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a"}, {"url": "https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4"}, {"url": "https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c"}], "title": "mctp: perform route lookups under a RCU read-side lock", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52483", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T17:49:14.175624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:10.750Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.402Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.402Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52483", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T17:49:14.175624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.515Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "mctp: perform route lookups under a RCU read-side lock", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "6c52b12159049046483fdb0c411a0a1869c41a67", "versionType": "git"}, {"status": "affected", "version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "1db0724a01b558feb1ecae551782add1951a114a", "versionType": "git"}, {"status": "affected", "version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "2405f64a95a7a094eb24cba9bcfaffd1ea264de4", "versionType": "git"}, {"status": "affected", "version": "889b7da23abf92faf34491df95733bda63639e32", "lessThan": "5093bbfc10ab6636b32728e35813cbd79feb063c", "versionType": "git"}], "programFiles": ["net/mctp/route.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.137", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.59", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.8", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mctp/route.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67"}, {"url": "https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a"}, {"url": "https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4"}, {"url": "https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: perform route lookups under a RCU read-side lock\n\nOur current route lookups (mctp_route_lookup and mctp_route_lookup_null)\ntraverse the net's route list without the RCU read lock held. This means\nthe route lookup is subject to preemption, resulting in an potential\ngrace period expiry, and so an eventual kfree() while we still have the\nroute pointer.\n\nAdd the proper read-side critical section locks around the route\nlookups, preventing premption and a possible parallel kfree.\n\nThe remaining net->mctp.routes accesses are already under a\nrcu_read_lock, or protected by the RTNL for updates.\n\nBased on an analysis from Sili Luo <rootlab@huawei.com>, where\nintroducing a delay in the route lookup could cause a UAF on\nsimultaneous sendmsg() and route deletion."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.137", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.59", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.5.8", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6", "versionStartIncluding": "5.15"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:37:39.148Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52483", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:37:39.148Z", "dateReserved": "2024-02-20T12:30:33.301Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T05:43:13.861Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AB63077-B27B-40AC-97BD-D6B2FCE09D88", "versionEndExcluding": "5.15.137", "versionStartIncluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96EA633C-1F3E-41C5-A13A-155C55A1F273", "versionEndExcluding": "6.1.59", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D", "versionEndExcluding": "6.5.8", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: perform route lookups under a RCU read-side lock\n\nOur current route lookups (mctp_route_lookup and mctp_route_lookup_null)\ntraverse the net's route list without the RCU read lock held. This means\nthe route lookup is subject to preemption, resulting in an potential\ngrace period expiry, and so an eventual kfree() while we still have the\nroute pointer.\n\nAdd the proper read-side critical section locks around the route\nlookups, preventing premption and a possible parallel kfree.\n\nThe remaining net->mctp.routes accesses are already under a\nrcu_read_lock, or protected by the RTNL for updates.\n\nBased on an analysis from Sili Luo <rootlab@huawei.com>, where\nintroducing a delay in the route lookup could cause a UAF on\nsimultaneous sendmsg() and route deletion."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mctp: realiza b\u00fasquedas de rutas bajo un bloqueo del lado de lectura de RCU. Nuestras b\u00fasquedas de rutas actuales (mctp_route_lookup y mctp_route_lookup_null) atraviesan la lista de rutas de la red sin que se mantenga el bloqueo de lectura de RCU. Esto significa que la b\u00fasqueda de ruta est\u00e1 sujeta a preferencia, lo que resulta en una posible expiraci\u00f3n del per\u00edodo de gracia y, por lo tanto, en un eventual kfree() mientras todav\u00eda tenemos el puntero de ruta. Agregue los bloqueos de secci\u00f3n cr\u00edtica del lado de lectura adecuados alrededor de las b\u00fasquedas de rutas, evitando la preferencia y un posible kfree paralelo. Los accesos restantes a net-&gt;mctp.routes ya est\u00e1n bajo rcu_read_lock o protegidos por RTNL para actualizaciones. Basado en un an\u00e1lisis de Sili Luo , donde la introducci\u00f3n de un retraso en la b\u00fasqueda de rutas podr\u00eda causar una UAF en sendmsg() y eliminaci\u00f3n de rutas simult\u00e1neas."}], "id": "CVE-2023-52483", "lastModified": "2025-01-13T17:53:05.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-29T06:15:46.147", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mctp: perform route lookups under a RCU read-side lock", "id": "2267026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267026"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmctp: perform route lookups under a RCU read-side lock\nOur current route lookups (mctp_route_lookup and mctp_route_lookup_null)\ntraverse the net's route list without the RCU read lock held. This means\nthe route lookup is subject to preemption, resulting in an potential\ngrace period expiry, and so an eventual kfree() while we still have the\nroute pointer.\nAdd the proper read-side critical section locks around the route\nlookups, preventing premption and a possible parallel kfree.\nThe remaining net->mctp.routes accesses are already under a\nrcu_read_lock, or protected by the RTNL for updates.\nBased on an analysis from Sili Luo <rootlab@huawei.com>, where\nintroducing a delay in the route lookup could cause a UAF on\nsimultaneous sendmsg() and route deletion.", "A use-after-free vulnerability was found in the Linux kernel, which affects the mctp component and is caused by route lookups that traverse the net's route list without the RCU read lock held. This issue can result in a use-after-free situation where the kfree() function is called on a route pointer that is still in use, given the potential for preemption during the route lookup."], "name": "CVE-2023-52483", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52483\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52483\nhttps://lore.kernel.org/linux-cve-announce/2024022923-CVE-2023-52483-5b9d@gregkh/T/#u"], "threat_severity": "Moderate"}

{}