CVE-2023-52524

In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391	Patch
https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391	Patch
https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b	Patch
https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082	Patch
https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb	Patch
https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916	Patch
https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391	Patch
https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391	Patch
https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b	Patch
https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082	Patch
https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb	Patch
https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc4::::::

History

No history.

Information

Published : 2024-03-02 22:15

Updated : 2025-01-13 20:00

NVD link : CVE-2023-52524

Mitre link : CVE-2023-52524

CVE.ORG link : CVE-2023-52524

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2023-52524", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-03-02T22:15:48.263", "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: nfc: llcp: Agregar bloqueo al modificar la lista de dispositivos La lista de dispositivos necesita mantener su bloqueo asociado al modificarla, o la lista podr\u00eda corromperse, como descubri\u00f3 syzbot."}], "lastModified": "2025-01-13T20:00:51.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEF23E2F-2D7D-429D-9A9D-3C3037DDF337", "versionEndExcluding": "5.4.258", "versionStartIncluding": "5.4.251"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BF9EEBD-3033-41C3-9E3C-16AFB9AF75A7", "versionEndExcluding": "5.10.198", "versionStartIncluding": "5.10.188"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2FDE0B2-2B57-44AB-9D8B-CB4E865DEB90", "versionEndExcluding": "5.15.135", "versionStartIncluding": "5.15.121"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52806B93-9F14-4809-8A4B-10AC41AC10D1", "versionEndExcluding": "6.1.57", "versionStartIncluding": "6.1.39"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "237658B4-9F55-44A1-8440-9BFCDD0E6390", "versionEndExcluding": "6.5.7", "versionStartIncluding": "6.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}