{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52664", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-07T14:49:46.885Z", "datePublished": "2024-05-17T13:45:05.545Z", "dateUpdated": "2025-05-20T14:27:31.461Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-20T14:27:31.461Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: eliminate double free in error handling logic\n\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\n\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\n\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/aquantia/atlantic/aq_ptp.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.h", "drivers/net/ethernet/aquantia/atlantic/aq_vec.c"], "versions": [{"version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "0edb3ae8bfa31cd544b0c195bdec00e036002b5d", "status": "affected", "versionType": "git"}, {"version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "c11a870a73a3bc4cc7df6dd877a45b181795fcbf", "status": "affected", "versionType": "git"}, {"version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "d1fde4a7e1dcc4d49cce285107a7a43c3030878d", "status": "affected", "versionType": "git"}, {"version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "b3cb7a830a24527877b0bc900b9bd74a96aea928", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/aquantia/atlantic/aq_ptp.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.h", "drivers/net/ethernet/aquantia/atlantic/aq_vec.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.77", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.16", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.1.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.6.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.7.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d"}, {"url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf"}, {"url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d"}, {"url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928"}], "title": "net: atlantic: eliminate double free in error handling logic", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:34.900Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52664", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:42:18.912718Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:20.159Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:34.900Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52664", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:42:18.912718Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.198Z"}}], "cna": {"title": "net: atlantic: eliminate double free in error handling logic", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "0edb3ae8bfa31cd544b0c195bdec00e036002b5d", "versionType": "git"}, {"status": "affected", "version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "c11a870a73a3bc4cc7df6dd877a45b181795fcbf", "versionType": "git"}, {"status": "affected", "version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "d1fde4a7e1dcc4d49cce285107a7a43c3030878d", "versionType": "git"}, {"status": "affected", "version": "018423e90bee8978105eaaa265a26e70637f9f1e", "lessThan": "b3cb7a830a24527877b0bc900b9bd74a96aea928", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/aquantia/atlantic/aq_ptp.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.h", "drivers/net/ethernet/aquantia/atlantic/aq_vec.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.11"}, {"status": "unaffected", "version": "0", "lessThan": "4.11", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.77", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.16", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/aquantia/atlantic/aq_ptp.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.c", "drivers/net/ethernet/aquantia/atlantic/aq_ring.h", "drivers/net/ethernet/aquantia/atlantic/aq_vec.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d"}, {"url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf"}, {"url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d"}, {"url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: eliminate double free in error handling logic\n\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\n\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\n\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.77", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.16", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.4", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "4.11"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-20T14:27:31.461Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52664", "state": "PUBLISHED", "dateUpdated": "2025-05-20T14:27:31.461Z", "dateReserved": "2024-03-07T14:49:46.885Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T13:45:05.545Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F749AC21-58DA-44BE-B3C5-7C53F294A67A", "versionEndExcluding": "6.1.77", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8", "versionEndExcluding": "6.6.16", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78", "versionEndExcluding": "6.7.4", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: eliminate double free in error handling logic\n\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\n\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\n\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: atlantic: elimina double free en la l\u00f3gica de manejo de errores El controlador tiene una fuga l\u00f3gica en la asignaci\u00f3n de datos del anillo/free, donde se podr\u00eda llamar a aq_ring_free varias veces en el mismo anillo, si el sistema est\u00e1 bajo estr\u00e9s y obtuve un error de asignaci\u00f3n de memoria. Se utiliz\u00f3 un puntero de anillo como indicador de error, pero esto no es correcto ya que solo se asignan/desasignan datos de anillo. El anillo en s\u00ed es un miembro de la matriz. Cambiar las funciones de asignaci\u00f3n de anillos para devolver el c\u00f3digo de error directamente. Esto simplifica el manejo de errores y elimina aq_ring_free en la capa superior."}], "id": "CVE-2023-52664", "lastModified": "2025-01-07T17:00:00.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T14:15:08.807", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: net: atlantic: eliminate double free in error handling logic", "id": "2281356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281356"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: atlantic: eliminate double free in error handling logic\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52664", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52664\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52664\nhttps://lore.kernel.org/linux-cve-announce/2024051756-CVE-2023-52664-dea1@gregkh/T"], "threat_severity": "Moderate"}

{}