CVE-2023-52502

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()

Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.

Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock.

nfc_llcp_sock_get_sn() has a similar problem.

Finally nfc_llcp_recv_snl() needs to make sure the socket found by nfc_llcp_sock_from_sn() does not disappear.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8f50020ed9b81ba909ce9573f9d05263cdebf502 < e863f5720a5680e50c4cecf12424d7cc31b3eb0aaffected
LinuxLinux8f50020ed9b81ba909ce9573f9d05263cdebf502 < 7adcf014bda16cdbf804af5c164d94d5d025db2daffected
LinuxLinux8f50020ed9b81ba909ce9573f9d05263cdebf502 < 6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9affected
LinuxLinux8f50020ed9b81ba909ce9573f9d05263cdebf502 < d888d3f70b0de32b4f51534175f039ddab15eef8affected
LinuxLinux8f50020ed9b81ba909ce9573f9d05263cdebf502 < e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dcaffected
LinuxLinux8f50020ed9b81ba909ce9573f9d05263cdebf502 < d1af8a39cf839d93c8967fdd858f6bbdc3e4a15caffected
LinuxLinux8f50020ed9b81ba909ce9573f9d05263cdebf502 < 31c07dffafce914c1d1543c135382a11ff058d93affected
LinuxLinux3.6affected
LinuxLinux0 < 3.6unaffected
LinuxLinux4.19.297 <= 4.19.*unaffected
LinuxLinux5.4.259 <= 5.4.*unaffected
LinuxLinux5.10.199 <= 5.10.*unaffected
LinuxLinux5.15.136 <= 5.15.*unaffected
LinuxLinux6.1.59 <= 6.1.*unaffected
LinuxLinux6.5.8 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References