{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52513", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.316Z", "datePublished": "2024-03-02T21:52:24.587Z", "dateUpdated": "2024-11-04T14:48:20.704Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:20.704Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix connection failure handling\n\nIn case immediate MPA request processing fails, the newly\ncreated endpoint unlinks the listening endpoint and is\nready to be dropped. This special case was not handled\ncorrectly by the code handling the later TCP socket close,\ncausing a NULL dereference crash in siw_cm_work_handler()\nwhen dereferencing a NULL listener. We now also cancel\nthe useless MPA timeout, if immediate MPA request\nprocessing fails.\n\nThis patch furthermore simplifies MPA processing in general:\nScheduling a useless TCP socket read in sk_data_ready() upcall\nis now surpressed, if the socket is already moved out of\nTCP_ESTABLISHED state."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/sw/siw/siw_cm.c"], "versions": [{"version": "6c52fdc244b5", "lessThan": "6e26812e289b", "status": "affected", "versionType": "git"}, {"version": "6c52fdc244b5", "lessThan": "0d520cdb0cd0", "status": "affected", "versionType": "git"}, {"version": "6c52fdc244b5", "lessThan": "81b7bf367eea", "status": "affected", "versionType": "git"}, {"version": "6c52fdc244b5", "lessThan": "5cf38e638e5d", "status": "affected", "versionType": "git"}, {"version": "6c52fdc244b5", "lessThan": "eeafc50a77f6", "status": "affected", "versionType": "git"}, {"version": "6c52fdc244b5", "lessThan": "53a3f7770497", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/sw/siw/siw_cm.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.258", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.198", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.135", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.57", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.7", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594"}, {"url": "https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed"}, {"url": "https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d"}, {"url": "https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f"}, {"url": "https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8"}, {"url": "https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590"}], "title": "RDMA/siw: Fix connection failure handling", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52513", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T15:30:53.531798Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:14.957Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.917Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.917Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52513", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T15:30:53.531798Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.694Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "RDMA/siw: Fix connection failure handling", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6c52fdc244b5", "lessThan": "6e26812e289b", "versionType": "git"}, {"status": "affected", "version": "6c52fdc244b5", "lessThan": "0d520cdb0cd0", "versionType": "git"}, {"status": "affected", "version": "6c52fdc244b5", "lessThan": "81b7bf367eea", "versionType": "git"}, {"status": "affected", "version": "6c52fdc244b5", "lessThan": "5cf38e638e5d", "versionType": "git"}, {"status": "affected", "version": "6c52fdc244b5", "lessThan": "eeafc50a77f6", "versionType": "git"}, {"status": "affected", "version": "6c52fdc244b5", "lessThan": "53a3f7770497", "versionType": "git"}], "programFiles": ["drivers/infiniband/sw/siw/siw_cm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.3"}, {"status": "unaffected", "version": "0", "lessThan": "5.3", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.258", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.198", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.135", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.57", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.7", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/infiniband/sw/siw/siw_cm.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594"}, {"url": "https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed"}, {"url": "https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d"}, {"url": "https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f"}, {"url": "https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8"}, {"url": "https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix connection failure handling\n\nIn case immediate MPA request processing fails, the newly\ncreated endpoint unlinks the listening endpoint and is\nready to be dropped. This special case was not handled\ncorrectly by the code handling the later TCP socket close,\ncausing a NULL dereference crash in siw_cm_work_handler()\nwhen dereferencing a NULL listener. We now also cancel\nthe useless MPA timeout, if immediate MPA request\nprocessing fails.\n\nThis patch furthermore simplifies MPA processing in general:\nScheduling a useless TCP socket read in sk_data_ready() upcall\nis now surpressed, if the socket is already moved out of\nTCP_ESTABLISHED state."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:20.704Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52513", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:20.704Z", "dateReserved": "2024-02-20T12:30:33.316Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:24.587Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix connection failure handling\n\nIn case immediate MPA request processing fails, the newly\ncreated endpoint unlinks the listening endpoint and is\nready to be dropped. This special case was not handled\ncorrectly by the code handling the later TCP socket close,\ncausing a NULL dereference crash in siw_cm_work_handler()\nwhen dereferencing a NULL listener. We now also cancel\nthe useless MPA timeout, if immediate MPA request\nprocessing fails.\n\nThis patch furthermore simplifies MPA processing in general:\nScheduling a useless TCP socket read in sk_data_ready() upcall\nis now surpressed, if the socket is already moved out of\nTCP_ESTABLISHED state."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/siw: soluciona el manejo de fallas de conexi\u00f3n En caso de que falle el procesamiento inmediato de la solicitud MPA, el endpoint reci\u00e9n creado desvincula el endpoint de escucha y est\u00e1 listo para ser descartado. Este caso especial no fue manejado correctamente por el c\u00f3digo que maneja el cierre posterior del socket TCP, lo que provoc\u00f3 un bloqueo de desreferencia NULL en siw_cm_work_handler() al desreferenciar un oyente NULL. Ahora tambi\u00e9n cancelamos el tiempo de espera in\u00fatil de MPA, si falla el procesamiento inmediato de la solicitud de MPA. Este parche adem\u00e1s simplifica el procesamiento MPA en general: la programaci\u00f3n de una lectura de socket TCP in\u00fatil en la llamada ascendente sk_data_ready() ahora se suprime, si el socket ya se ha movido fuera del estado TCP_ESTABLISHED."}], "id": "CVE-2023-52513", "lastModified": "2024-03-04T13:58:23.447", "metrics": {}, "published": "2024-03-02T22:15:47.730", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:3627", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3618", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.5.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: RDMA/siw: Fix connection failure handling", "id": "2267804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267804"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRDMA/siw: Fix connection failure handling\nIn case immediate MPA request processing fails, the newly\ncreated endpoint unlinks the listening endpoint and is\nready to be dropped. This special case was not handled\ncorrectly by the code handling the later TCP socket close,\ncausing a NULL dereference crash in siw_cm_work_handler()\nwhen dereferencing a NULL listener. We now also cancel\nthe useless MPA timeout, if immediate MPA request\nprocessing fails.\nThis patch furthermore simplifies MPA processing in general:\nScheduling a useless TCP socket read in sk_data_ready() upcall\nis now surpressed, if the socket is already moved out of\nTCP_ESTABLISHED state.", "A NULL dereference vulnerability was found in the Linux kernel, which is caused when the siw_cm_work_handler() function attempts to dereference a NULL listener that may be created when immediate MPA request processing fails and the newly created endpoint unlinks the listening endpoint ready to be dropped."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52513", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52513\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52513\nhttps://lore.kernel.org/linux-cve-announce/2024030251-CVE-2023-52513-5224@gregkh/T/#u"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.258, kernel 5.10.198, kernel 5.15.135, kernel 6.1.57, kernel 6.5.7, kernel 6.6"}