CVE-2023-52483

EPSS 0.02%
Veröffentlicht 29.02.2024 06:15:46
Zuletzt bearbeitet 13.01.2025 17:53:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

mctp: perform route lookups under a RCU read-side lock

Our current route lookups (mctp_route_lookup and mctp_route_lookup_null)
traverse the net's route list without the RCU read lock held. This means
the route lookup is subject to preemption, resulting in an potential
grace period expiry, and so an eventual kfree() while we still have the
route pointer.

Add the proper read-side critical section locks around the route
lookups, preventing premption and a possible parallel kfree.

The remaining net->mctp.routes accesses are already under a
rcu_read_lock, or protected by the RTNL for updates.

Based on an analysis from Sili Luo <rootlab@huawei.com>, where
introducing a delay in the route lookup could cause a UAF on
simultaneous sendmsg() and route deletion.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15 < 5.15.137

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.59

Linux ≫ Linux Kernel Version >= 6.2 < 6.5.8

Linux ≫ Linux Kernel Version6.6 Updaterc1

Linux ≫ Linux Kernel Version6.6 Updaterc2

Linux ≫ Linux Kernel Version6.6 Updaterc3

Linux ≫ Linux Kernel Version6.6 Updaterc4

Linux ≫ Linux Kernel Version6.6 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a

Patch

https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4

Patch

https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c

Patch

https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52483

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52483

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52483

EUVD