CVE-2023-52735 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.80.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5672	2024-08-21T00:00:00Z
kernel-rt-0:5.14.0-284.80.1.rt14.365.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:5673	2024-08-21T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9
https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49
https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba
https://lore.kernel.org/linux-cve-announce/2024052100-CVE-2023-52735-4df1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52735
https://www.cve.org/CVERecord?id=CVE-2023-52735

History

Sat, 14 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `Low`

Mon, 26 Aug 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products		Redhat Redhat rhel Eus

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T15:22:59.893Z

Updated: 2024-12-19T08:24:40.295Z

Reserved: 2024-05-21T15:19:24.232Z

Link: CVE-2023-52735

Vulnrichment

Updated: 2024-08-02T23:11:35.223Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T16:15:13.523

Modified: 2024-11-21T08:40:28.437

Link: CVE-2023-52735

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2023-52735 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52735", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.232Z", "datePublished": "2024-05-21T15:22:59.893Z", "dateUpdated": "2024-12-19T08:24:40.295Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:24:40.295Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself\n\nsock_map proto callbacks should never call themselves by design. Protect\nagainst bugs like [1] and break out of the recursive loop to avoid a stack\noverflow in favor of a resource leak.\n\n[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/sock_map.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f312367f5246e04df564d341044286e9e37a97ba", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7499859881488da97589f3c79cc66fa75748ad49", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "5b4a79ba65a1ab479903fff2e604865d229b70a9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/sock_map.c"], "versions": [{"version": "5.15.95", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.13", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"}, {"url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"}, {"url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"}], "title": "bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52735", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T17:57:06.250837Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "1da177e4c3f4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.15.95"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.1.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.2"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:22:39.551Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.223Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.223Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52735", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T17:57:06.250837Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "1da177e4c3f4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.15.95"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.1.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.2"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-22T17:56:20.821Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f312367f5246e04df564d341044286e9e37a97ba", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7499859881488da97589f3c79cc66fa75748ad49", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "5b4a79ba65a1ab479903fff2e604865d229b70a9", "versionType": "git"}], "programFiles": ["net/core/sock_map.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.95", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.13", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/core/sock_map.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"}, {"url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"}, {"url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself\n\nsock_map proto callbacks should never call themselves by design. Protect\nagainst bugs like [1] and break out of the recursive loop to avoid a stack\noverflow in favor of a resource leak.\n\n[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:24:40.295Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52735", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:24:40.295Z", "dateReserved": "2024-05-21T15:19:24.232Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:22:59.893Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself\n\nsock_map proto callbacks should never call themselves by design. Protect\nagainst bugs like [1] and break out of the recursive loop to avoid a stack\noverflow in favor of a resource leak.\n\n[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: no permita que sock_map_{close,destroy,unhash} se llame a s\u00ed mismo. Las devoluciones de llamada del proto sock_map nunca deber\u00edan llamarse a s\u00ed mismas por dise\u00f1o. Prot\u00e9jase contra bugs como [1] y salga del bucle recursivo para evitar un desbordamiento de la pila que favorezca una fuga de recursos. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/"}], "id": "CVE-2023-52735", "lastModified": "2024-11-21T08:40:28.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-21T16:15:13.523", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5672", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.80.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-21T00:00:00Z"}, {"advisory": "RHSA-2024:5673", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.80.1.rt14.365.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-21T00:00:00Z"}], "bugzilla": {"description": "kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself", "id": "2282618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282618"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself\nsock_map proto callbacks should never call themselves by design. Protect\nagainst bugs like [1] and break out of the recursive loop to avoid a stack\noverflow in favor of a resource leak.\n[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/"], "name": "CVE-2023-52735", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52735\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52735\nhttps://lore.kernel.org/linux-cve-announce/2024052100-CVE-2023-52735-4df1@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.95, kernel 6.1.13, kernel 6.2"}