CVE-2023-52502 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock. nfc_llcp_sock_get_sn() has a similar problem. Finally nfc_llcp_recv_snl() needs to make sure the socket found by nfc_llcp_sock_from_sn() does not disappear.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93
https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9
https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d
https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c
https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8
https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc
https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a
https://lore.kernel.org/linux-cve-announce/2024030248-CVE-2023-52502-6863@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2023-52502
https://www.cve.org/CVERecord?id=CVE-2023-52502

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-02T21:52:17.218Z

Updated: 2024-08-02T23:03:20.409Z

Reserved: 2024-02-20T12:30:33.313Z

Link: CVE-2023-52502

Vulnrichment

Updated: 2024-05-23T19:01:15.910Z

NVD

Status : Awaiting Analysis

Published: 2024-03-02T22:15:47.203

Modified: 2024-03-04T13:58:23.447

Link: CVE-2023-52502

Redhat

Severity : Moderate

Publid Date: 2024-03-02T00:00:00Z

Links: CVE-2023-52502 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52502", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.313Z", "datePublished": "2024-03-02T21:52:17.218Z", "dateUpdated": "2024-08-02T23:03:20.409Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:13:00.358Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "8f50020ed9b8", "lessThan": "e863f5720a56", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "7adcf014bda1", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "6ac22ecdaad2", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "d888d3f70b0d", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "e4f2611f07c8", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "d1af8a39cf83", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "31c07dffafce", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "3.6", "status": "affected"}, {"version": "0", "lessThan": "3.6", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.297", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.259", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.199", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.136", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.5.8", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"}, {"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"}, {"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"}, {"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"}, {"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"}, {"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"}, {"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"}], "title": "net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:30:02.589366Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:22:32.827Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.409Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52502", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.313Z", "datePublished": "2024-03-02T21:52:17.218Z", "dateUpdated": "2024-06-04T17:22:32.827Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:13:00.358Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "8f50020ed9b8", "lessThan": "e863f5720a56", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "7adcf014bda1", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "6ac22ecdaad2", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "d888d3f70b0d", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "e4f2611f07c8", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "d1af8a39cf83", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b8", "lessThan": "31c07dffafce", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "3.6", "status": "affected"}, {"version": "0", "lessThan": "3.6", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.297", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.259", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.199", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.136", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.5.8", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"}, {"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"}, {"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"}, {"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"}, {"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"}, {"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"}, {"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"}], "title": "net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:30:02.589366Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.910Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: nfc: corrige ejecuci\u00f3ns en nfc_llcp_sock_get() y nfc_llcp_sock_get_sn() Sili Luo inform\u00f3 una ejecuci\u00f3n en nfc_llcp_sock_get(), lo que llev\u00f3 a UAF. Obtener una referencia en el enchufe encontrado en una b\u00fasqueda mientras se mantiene un candado debe ocurrir antes de liberar el candado. nfc_llcp_sock_get_sn() tiene un problema similar. Finalmente, nfc_llcp_recv_snl() necesita asegurarse de que el socket encontrado por nfc_llcp_sock_from_sn() no desaparezca."}], "id": "CVE-2023-52502", "lastModified": "2024-03-04T13:58:23.447", "metrics": {}, "published": "2024-03-02T22:15:47.203", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()", "id": "2267781", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267781"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\nnfc_llcp_sock_get_sn() has a similar problem.\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear.", "A use-after-free vulnerability was found in the Linux kernel in the net:nfc component and is caused by a race condition in the nfc_llcp_sock_get() function. This flaw could lead to memory corruption, crashes, or potential exploitation by attackers of privileged memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52502", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52502\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52502\nhttps://lore.kernel.org/linux-cve-announce/2024030248-CVE-2023-52502-6863@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.297, kernel 5.4.259, kernel 5.10.199, kernel 5.15.136, kernel 6.1.59, kernel 6.5.8, kernel 6.6"}