{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52502", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.313Z", "datePublished": "2024-03-02T21:52:17.218Z", "dateUpdated": "2025-05-04T07:38:07.231Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:38:07.231Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "e863f5720a5680e50c4cecf12424d7cc31b3eb0a", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "7adcf014bda16cdbf804af5c164d94d5d025db2d", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "d888d3f70b0de32b4f51534175f039ddab15eef8", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c", "status": "affected", "versionType": "git"}, {"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "31c07dffafce914c1d1543c135382a11ff058d93", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "3.6", "status": "affected"}, {"version": "0", "lessThan": "3.6", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.297", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.259", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.199", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.136", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.8", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndExcluding": "4.19.297"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndExcluding": "5.4.259"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndExcluding": "5.10.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndExcluding": "5.15.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndExcluding": "6.1.59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndExcluding": "6.5.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"}, {"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"}, {"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"}, {"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"}, {"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"}, {"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"}, {"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"}], "title": "net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-05T20:30:02.589366Z", "id": "CVE-2023-52502", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T14:59:47.087Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.409Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.409Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:30:02.589366Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.910Z"}}], "cna": {"title": "net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "e863f5720a5680e50c4cecf12424d7cc31b3eb0a", "versionType": "git"}, {"status": "affected", "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "7adcf014bda16cdbf804af5c164d94d5d025db2d", "versionType": "git"}, {"status": "affected", "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9", "versionType": "git"}, {"status": "affected", "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "d888d3f70b0de32b4f51534175f039ddab15eef8", "versionType": "git"}, {"status": "affected", "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc", "versionType": "git"}, {"status": "affected", "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c", "versionType": "git"}, {"status": "affected", "version": "8f50020ed9b81ba909ce9573f9d05263cdebf502", "lessThan": "31c07dffafce914c1d1543c135382a11ff058d93", "versionType": "git"}], "programFiles": ["net/nfc/llcp_core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.6"}, {"status": "unaffected", "version": "0", "lessThan": "3.6", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.297", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.259", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.199", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.136", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.59", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.8", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/nfc/llcp_core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"}, {"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"}, {"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"}, {"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"}, {"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"}, {"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"}, {"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.297", "versionStartIncluding": "3.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.259", "versionStartIncluding": "3.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.199", "versionStartIncluding": "3.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.136", "versionStartIncluding": "3.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.59", "versionStartIncluding": "3.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.5.8", "versionStartIncluding": "3.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6", "versionStartIncluding": "3.6"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:38:07.231Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52502", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:38:07.231Z", "dateReserved": "2024-02-20T12:30:33.313Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:17.218Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "11744FF9-EEDC-4705-B511-19A5DD432FB4", "versionEndExcluding": "4.19.297", "versionStartIncluding": "3.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9F46843-24C9-4AC7-B6BB-1EF101D05435", "versionEndExcluding": "5.4.259", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D886A8D-A6CD-44FA-ACF5-DD260ECA7A1B", "versionEndExcluding": "5.10.199", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1FA5161-3AC0-44DF-B1F7-93A070F2B1E7", "versionEndExcluding": "5.15.136", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96EA633C-1F3E-41C5-A13A-155C55A1F273", "versionEndExcluding": "6.1.59", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D", "versionEndExcluding": "6.5.8", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: nfc: corrige ejecuci\u00f3ns en nfc_llcp_sock_get() y nfc_llcp_sock_get_sn() Sili Luo inform\u00f3 una ejecuci\u00f3n en nfc_llcp_sock_get(), lo que llev\u00f3 a UAF. Obtener una referencia en el enchufe encontrado en una b\u00fasqueda mientras se mantiene un candado debe ocurrir antes de liberar el candado. nfc_llcp_sock_get_sn() tiene un problema similar. Finalmente, nfc_llcp_recv_snl() necesita asegurarse de que el socket encontrado por nfc_llcp_sock_from_sn() no desaparezca."}], "id": "CVE-2023-52502", "lastModified": "2025-03-19T16:11:28.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-02T22:15:47.203", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()", "id": "2267781", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267781"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\nnfc_llcp_sock_get_sn() has a similar problem.\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear.", "A use-after-free vulnerability was found in the Linux kernel in the net:nfc component and is caused by a race condition in the nfc_llcp_sock_get() function. This flaw could lead to memory corruption, crashes, or potential exploitation by attackers of privileged memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52502", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52502\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52502\nhttps://lore.kernel.org/linux-cve-announce/2024030248-CVE-2023-52502-6863@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}