CVE-2023-52524 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391
https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391
https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b
https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082
https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb
https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916
https://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52524-a5e0@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2023-52524
https://www.cve.org/CVERecord?id=CVE-2023-52524

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-02T21:52:30.995Z

Updated: 2024-11-04T14:48:32.352Z

Reserved: 2024-02-20T12:30:33.317Z

Link: CVE-2023-52524

Vulnrichment

Updated: 2024-08-02T23:03:20.704Z

NVD

Status : Awaiting Analysis

Published: 2024-03-02T22:15:48.263

Modified: 2024-03-04T13:58:23.447

Link: CVE-2023-52524

Redhat

Severity : Moderate

Publid Date: 2024-03-02T00:00:00Z

Links: CVE-2023-52524 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52524", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.317Z", "datePublished": "2024-03-02T21:52:30.995Z", "dateUpdated": "2024-11-04T14:48:32.352Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:32.352Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "dd6ff3f38627", "lessThan": "191d87a19cf1", "status": "affected", "versionType": "git"}, {"version": "96f2c6f272ec", "lessThan": "dba849cc9811", "status": "affected", "versionType": "git"}, {"version": "fc8429f8d868", "lessThan": "4837a192f6d0", "status": "affected", "versionType": "git"}, {"version": "425d9d3a92df", "lessThan": "7562780e32b8", "status": "affected", "versionType": "git"}, {"version": "6709d4b7bc2e", "lessThan": "29c16c2bf586", "status": "affected", "versionType": "git"}, {"version": "6709d4b7bc2e", "lessThan": "dfc7f7a988da", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.258", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.198", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.135", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.57", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.7", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391"}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb"}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b"}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082"}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391"}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916"}], "title": "net: nfc: llcp: Add lock when modifying device list", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52524", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T20:30:07.758768Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:00.826Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.704Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.704Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52524", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T20:30:07.758768Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.885Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: nfc: llcp: Add lock when modifying device list", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "dd6ff3f38627", "lessThan": "191d87a19cf1", "versionType": "git"}, {"status": "affected", "version": "96f2c6f272ec", "lessThan": "dba849cc9811", "versionType": "git"}, {"status": "affected", "version": "fc8429f8d868", "lessThan": "4837a192f6d0", "versionType": "git"}, {"status": "affected", "version": "425d9d3a92df", "lessThan": "7562780e32b8", "versionType": "git"}, {"status": "affected", "version": "6709d4b7bc2e", "lessThan": "29c16c2bf586", "versionType": "git"}, {"status": "affected", "version": "6709d4b7bc2e", "lessThan": "dfc7f7a988da", "versionType": "git"}], "programFiles": ["net/nfc/llcp_core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.5"}, {"status": "unaffected", "version": "0", "lessThan": "6.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.258", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.198", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.135", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.57", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.7", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/nfc/llcp_core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391"}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb"}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b"}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082"}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391"}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:32.352Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52524", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:32.352Z", "dateReserved": "2024-02-20T12:30:33.317Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:30.995Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: net: nfc: llcp: Add lock when modifying device list", "id": "2267793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267793"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-414", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: nfc: llcp: Add lock when modifying device list\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered.", "A flaw was found in the net:nfc:llcp component in the Linux kernel that could allow for potential data corruption when the device list is accessed and modified, as there are no locks present to avoid concurrent modifications."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52524", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52524\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52524\nhttps://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52524-a5e0@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.258, kernel 5.10.198, kernel 5.15.135, kernel 6.1.57, kernel 6.5.7, kernel 6.6"}