5.5

CVE-2023-52522

net: fix possible store tearing in neigh_periodic_work()

In the Linux kernel, the following vulnerability has been resolved:

net: fix possible store tearing in neigh_periodic_work()

While looking at a related syzbot report involving neigh_periodic_work(),
I found that I forgot to add an annotation when deleting an
RCU protected item from a list.

Readers use rcu_deference(*np), we need to use either
rcu_assign_pointer() or WRITE_ONCE() on writer side
to prevent store tearing.

I use rcu_assign_pointer() to have lockdep support,
this was the choice made in neigh_flush_dev().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.37 < 5.4.258
LinuxLinux Kernel Version >= 5.5 < 5.10.198
LinuxLinux Kernel Version >= 5.11 < 5.15.135
LinuxLinux Kernel Version >= 5.16 < 6.1.57
LinuxLinux Kernel Version >= 6.2 < 6.5.7
LinuxLinux Kernel Version6.6 Updaterc1
LinuxLinux Kernel Version6.6 Updaterc2
LinuxLinux Kernel Version6.6 Updaterc3
LinuxLinux Kernel Version6.6 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa
Patch
https://git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd
Patch
https://git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0
Patch
https://git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af
Patch
https://git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc
Patch
https://git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580
Patch