CVE-2023-52583 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always be set from the callers, let's just remove it.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160
https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980
https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67
https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e
https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca
https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085
https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3
https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6
https://lore.kernel.org/linux-cve-announce/2024030641-CVE-2023-52583-fd38@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52583
https://www.cve.org/CVERecord?id=CVE-2023-52583

History

Mon, 04 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-06T06:45:19.319Z

Updated: 2024-11-04T14:49:09.937Z

Reserved: 2024-03-02T21:55:42.569Z

Link: CVE-2023-52583

Vulnrichment

Updated: 2024-08-02T23:03:21.182Z

NVD

Status : Awaiting Analysis

Published: 2024-03-06T07:15:06.553

Modified: 2024-11-04T13:16:39.073

Link: CVE-2023-52583

Redhat

Severity : Moderate

Publid Date: 2024-03-06T00:00:00Z

Links: CVE-2023-52583 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52583", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-02T21:55:42.569Z", "datePublished": "2024-03-06T06:45:19.319Z", "dateUpdated": "2024-11-04T14:49:09.937Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:49:09.937Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ceph/caps.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "eb55ba8aa7fb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6ab4fd508fad", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e016e358461b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a9c15d6e8aee", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7f2649c94264", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "196b87e5c00c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "76cb2aa3421f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b493ad718b1f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ceph/caps.c"], "versions": [{"version": "4.19.307", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.269", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.77", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.16", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"}], "title": "ceph: fix deadlock or deadcode of misusing dget()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T16:25:29.028372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:24:14.471Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.182Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.182Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T16:25:29.028372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.619Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ceph: fix deadlock or deadcode of misusing dget()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "eb55ba8aa7fb", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "6ab4fd508fad", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "e016e358461b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a9c15d6e8aee", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7f2649c94264", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "196b87e5c00c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "76cb2aa3421f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b493ad718b1f", "versionType": "git"}], "programFiles": ["fs/ceph/caps.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.307", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.269", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.77", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.16", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ceph/caps.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:34:00.960Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52583", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:34:00.960Z", "dateReserved": "2024-03-02T21:55:42.569Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-06T06:45:19.319Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: ceph: fix deadlock or deadcode of misusing dget()", "id": "2268339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268339"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nceph: fix deadlock or deadcode of misusing dget()\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it.", "A flaw was found in the Linux kernel, caused by an incorrect lock ordering between a directory entry and its parent directory in the kernel\u2019s Ceph filesystem implementation; the expected behavior is for the parent directory to always lock before its child. While the associated deadcode isn't actively used, it presents a risk of deadlock which could potentially cause system instability or crashes."], "name": "CVE-2023-52583", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52583\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52583\nhttps://lore.kernel.org/linux-cve-announce/2024030641-CVE-2023-52583-fd38@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.307, kernel 5.4.269, kernel 5.10.210, kernel 5.15.149, kernel 6.1.77, kernel 6.6.16, kernel 6.7.4, kernel 6.8-rc1"}