CVE-2023-52577 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40
https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d
https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6
https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6
https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337
https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a
https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969
https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3
https://lore.kernel.org/linux-cve-announce/2024030257-CVE-2023-52577-2638@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2023-52577
https://www.cve.org/CVERecord?id=CVE-2023-52577

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:4.14.326:::::::* cpe:2.3:o:linux:linux_kernel:4.19.295:::::::* cpe:2.3:o:linux:linux_kernel:5.4.257:::::::*
Vendors & Products		Linux Linux linux Kernel

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52577", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-02T21:55:42.568Z", "datePublished": "2024-03-02T21:59:45.279Z", "dateUpdated": "2025-05-04T12:49:18.646Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:49:18.646Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: fix dccp_v4_err()/dccp_v6_err() again\n\ndh->dccph_x is the 9th byte (offset 8) in \"struct dccp_hdr\",\nnot in the \"byte 7\" as Jann claimed.\n\nWe need to make sure the ICMP messages are big enough,\nusing more standard ways (no more assumptions).\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\nBUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline]\nBUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\npskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\ndccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\nicmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867\nicmpv6_rcv+0x19d5/0x30d0\nip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\nip6_input_finish net/ipv6/ip6_input.c:483 [inline]\nNF_HOOK include/linux/netfilter.h:304 [inline]\nip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\nip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\ndst_input include/net/dst.h:468 [inline]\nip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\nNF_HOOK include/linux/netfilter.h:304 [inline]\nipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n__netif_receive_skb_one_core net/core/dev.c:5523 [inline]\n__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637\nnetif_receive_skb_internal net/core/dev.c:5723 [inline]\nnetif_receive_skb+0x58/0x660 net/core/dev.c:5782\ntun_rx_batched+0x83b/0x920\ntun_get_user+0x564c/0x6940 drivers/net/tun.c:2002\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\nslab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\nslab_alloc_node mm/slub.c:3478 [inline]\nkmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n__alloc_skb+0x318/0x740 net/core/skbuff.c:650\nalloc_skb include/linux/skbuff.h:1286 [inline]\nalloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313\nsock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795\ntun_alloc_skb drivers/net/tun.c:1531 [inline]\ntun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nCPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/dccp/ipv4.c", "net/dccp/ipv6.c"], "versions": [{"version": "3533e10272555c422a7d51ebc0ce8c483429f7f2", "lessThan": "4600beae416d754a3cedbb1ecea8181ec05073b6", "status": "affected", "versionType": "git"}, {"version": "177212bf6dc1ff2d13d0409cddc5c9e81feec63d", "lessThan": "62c218124fe58372e0e1f60d5b634d21c264b337", "status": "affected", "versionType": "git"}, {"version": "7a7dd70cb954d3efa706a429687ded88c02496fa", "lessThan": "a6f4d582e25d512c9b492670b6608436694357b3", "status": "affected", "versionType": "git"}, {"version": "4b8a938e329ae4eb54b73b0c87b5170607b038a8", "lessThan": "60d73c62e3e4464f375758b6f2459c13d46465b6", "status": "affected", "versionType": "git"}, {"version": "6ecf09699eb1554299aa1e7fd13e9e80f656c2f9", "lessThan": "26df9ab5de308caa1503d937533c56c35793018d", "status": "affected", "versionType": "git"}, {"version": "f8a7f10a1dccf9868ff09342a73dce27501b86df", "lessThan": "73be49248a04746096339a48a33fa2f03bd85969", "status": "affected", "versionType": "git"}, {"version": "ec620c34f5fa5d055f9f6136a387755db6157712", "lessThan": "1512d8f45d3c5d0b5baa00bd8e600492fa569f40", "status": "affected", "versionType": "git"}, {"version": "977ad86c2a1bcaf58f01ab98df5cc145083c489c", "lessThan": "6af289746a636f71f4c0535a9801774118486c7a", "status": "affected", "versionType": "git"}, {"version": "d8171411a661253e6271fa10b65b46daf1b6471c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/dccp/ipv4.c", "net/dccp/ipv6.c"], "versions": [{"version": "4.14.326", "lessThan": "4.14.327", "status": "affected", "versionType": "semver"}, {"version": "4.19.295", "lessThan": "4.19.296", "status": "affected", "versionType": "semver"}, {"version": "5.4.257", "lessThan": "5.4.258", "status": "affected", "versionType": "semver"}, {"version": "5.10.195", "lessThan": "5.10.198", "status": "affected", "versionType": "semver"}, {"version": "5.15.132", "lessThan": "5.15.134", "status": "affected", "versionType": "semver"}, {"version": "6.1.53", "lessThan": "6.1.56", "status": "affected", "versionType": "semver"}, {"version": "6.5.3", "lessThan": "6.5.6", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.326", "versionEndExcluding": "4.14.327"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.295", "versionEndExcluding": "4.19.296"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.257", "versionEndExcluding": "5.4.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.195", "versionEndExcluding": "5.10.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.132", "versionEndExcluding": "5.15.134"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.53", "versionEndExcluding": "6.1.56"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.3", "versionEndExcluding": "6.5.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6"}, {"url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337"}, {"url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3"}, {"url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6"}, {"url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d"}, {"url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969"}, {"url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40"}, {"url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a"}], "title": "dccp: fix dccp_v4_err()/dccp_v6_err() again", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T20:40:23.115267Z", "id": "CVE-2023-52577", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:40:47.293Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.243Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-52577 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-03-02T21:55:42.568Z (string)

datePublished : 2024-03-02T21:59:45.279Z (string)

dateUpdated : 2025-05-04T12:49:18.646Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T12:49:18.646Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v6_err() again dh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways (no more assumptions). syzbot reported: BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline] BUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867 icmpv6_rcv+0x19d5/0x30d0 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:304 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:468 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:304 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5523 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637 netif_receive_skb_internal net/core/dev.c:5723 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5782 tun_rx_batched+0x83b/0x920 tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/dccp/ipv4.c (string)

1 : net/dccp/ipv6.c (string)

]

versions : [ »

0 : { »

version : 3533e10272555c422a7d51ebc0ce8c483429f7f2 (string)

lessThan : 4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 177212bf6dc1ff2d13d0409cddc5c9e81feec63d (string)

lessThan : 62c218124fe58372e0e1f60d5b634d21c264b337 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 7a7dd70cb954d3efa706a429687ded88c02496fa (string)

lessThan : a6f4d582e25d512c9b492670b6608436694357b3 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 4b8a938e329ae4eb54b73b0c87b5170607b038a8 (string)

lessThan : 60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 6ecf09699eb1554299aa1e7fd13e9e80f656c2f9 (string)

lessThan : 26df9ab5de308caa1503d937533c56c35793018d (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : f8a7f10a1dccf9868ff09342a73dce27501b86df (string)

lessThan : 73be49248a04746096339a48a33fa2f03bd85969 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : ec620c34f5fa5d055f9f6136a387755db6157712 (string)

lessThan : 1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : 977ad86c2a1bcaf58f01ab98df5cc145083c489c (string)

lessThan : 6af289746a636f71f4c0535a9801774118486c7a (string)

status : affected (string)

versionType : git (string)

}

8 : { »

version : d8171411a661253e6271fa10b65b46daf1b6471c (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/dccp/ipv4.c (string)

1 : net/dccp/ipv6.c (string)

]

versions : [ »

0 : { »

version : 4.14.326 (string)

lessThan : 4.14.327 (string)

status : affected (string)

versionType : semver (string)

}

1 : { »

version : 4.19.295 (string)

lessThan : 4.19.296 (string)

status : affected (string)

versionType : semver (string)

}

2 : { »

version : 5.4.257 (string)

lessThan : 5.4.258 (string)

status : affected (string)

versionType : semver (string)

}

3 : { »

version : 5.10.195 (string)

lessThan : 5.10.198 (string)

status : affected (string)

versionType : semver (string)

}

4 : { »

version : 5.15.132 (string)

lessThan : 5.15.134 (string)

status : affected (string)

versionType : semver (string)

}

5 : { »

version : 6.1.53 (string)

lessThan : 6.1.56 (string)

status : affected (string)

versionType : semver (string)

}

6 : { »

version : 6.5.3 (string)

lessThan : 6.5.6 (string)

status : affected (string)

versionType : semver (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.14.326 (string)

versionEndExcluding : 4.14.327 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.19.295 (string)

versionEndExcluding : 4.19.296 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.4.257 (string)

versionEndExcluding : 5.4.258 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.10.195 (string)

versionEndExcluding : 5.10.198 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.15.132 (string)

versionEndExcluding : 5.15.134 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.1.53 (string)

versionEndExcluding : 6.1.56 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.5.3 (string)

versionEndExcluding : 6.5.6 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.4.16 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d (string)

}

5 : { »

url : https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a (string)

}

]

title : dccp: fix dccp_v4_err()/dccp_v6_err() again (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-06-26T20:40:23.115267Z (string)

id : CVE-2023-52577 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-26T20:40:47.293Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T23:03:21.243Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.243Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52577", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T20:40:23.115267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:40:43.592Z"}}], "cna": {"title": "dccp: fix dccp_v4_err()/dccp_v6_err() again", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3533e10272555c422a7d51ebc0ce8c483429f7f2", "lessThan": "4600beae416d754a3cedbb1ecea8181ec05073b6", "versionType": "git"}, {"status": "affected", "version": "177212bf6dc1ff2d13d0409cddc5c9e81feec63d", "lessThan": "62c218124fe58372e0e1f60d5b634d21c264b337", "versionType": "git"}, {"status": "affected", "version": "7a7dd70cb954d3efa706a429687ded88c02496fa", "lessThan": "a6f4d582e25d512c9b492670b6608436694357b3", "versionType": "git"}, {"status": "affected", "version": "4b8a938e329ae4eb54b73b0c87b5170607b038a8", "lessThan": "60d73c62e3e4464f375758b6f2459c13d46465b6", "versionType": "git"}, {"status": "affected", "version": "6ecf09699eb1554299aa1e7fd13e9e80f656c2f9", "lessThan": "26df9ab5de308caa1503d937533c56c35793018d", "versionType": "git"}, {"status": "affected", "version": "f8a7f10a1dccf9868ff09342a73dce27501b86df", "lessThan": "73be49248a04746096339a48a33fa2f03bd85969", "versionType": "git"}, {"status": "affected", "version": "ec620c34f5fa5d055f9f6136a387755db6157712", "lessThan": "1512d8f45d3c5d0b5baa00bd8e600492fa569f40", "versionType": "git"}, {"status": "affected", "version": "977ad86c2a1bcaf58f01ab98df5cc145083c489c", "lessThan": "6af289746a636f71f4c0535a9801774118486c7a", "versionType": "git"}, {"status": "affected", "version": "d8171411a661253e6271fa10b65b46daf1b6471c", "versionType": "git"}], "programFiles": ["net/dccp/ipv4.c", "net/dccp/ipv6.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.14.326", "lessThan": "4.14.327", "versionType": "semver"}, {"status": "affected", "version": "4.19.295", "lessThan": "4.19.296", "versionType": "semver"}, {"status": "affected", "version": "5.4.257", "lessThan": "5.4.258", "versionType": "semver"}, {"status": "affected", "version": "5.10.195", "lessThan": "5.10.198", "versionType": "semver"}, {"status": "affected", "version": "5.15.132", "lessThan": "5.15.134", "versionType": "semver"}, {"status": "affected", "version": "6.1.53", "lessThan": "6.1.56", "versionType": "semver"}, {"status": "affected", "version": "6.5.3", "lessThan": "6.5.6", "versionType": "semver"}], "programFiles": ["net/dccp/ipv4.c", "net/dccp/ipv6.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6"}, {"url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337"}, {"url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3"}, {"url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6"}, {"url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d"}, {"url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969"}, {"url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40"}, {"url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: fix dccp_v4_err()/dccp_v6_err() again\n\ndh->dccph_x is the 9th byte (offset 8) in \"struct dccp_hdr\",\nnot in the \"byte 7\" as Jann claimed.\n\nWe need to make sure the ICMP messages are big enough,\nusing more standard ways (no more assumptions).\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\nBUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline]\nBUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\npskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\ndccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\nicmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867\nicmpv6_rcv+0x19d5/0x30d0\nip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\nip6_input_finish net/ipv6/ip6_input.c:483 [inline]\nNF_HOOK include/linux/netfilter.h:304 [inline]\nip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\nip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\ndst_input include/net/dst.h:468 [inline]\nip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\nNF_HOOK include/linux/netfilter.h:304 [inline]\nipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n__netif_receive_skb_one_core net/core/dev.c:5523 [inline]\n__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637\nnetif_receive_skb_internal net/core/dev.c:5723 [inline]\nnetif_receive_skb+0x58/0x660 net/core/dev.c:5782\ntun_rx_batched+0x83b/0x920\ntun_get_user+0x564c/0x6940 drivers/net/tun.c:2002\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\nslab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\nslab_alloc_node mm/slub.c:3478 [inline]\nkmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n__alloc_skb+0x318/0x740 net/core/skbuff.c:650\nalloc_skb include/linux/skbuff.h:1286 [inline]\nalloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313\nsock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795\ntun_alloc_skb drivers/net/tun.c:1531 [inline]\ntun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nCPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.14.327", "versionStartIncluding": "4.14.326"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.296", "versionStartIncluding": "4.19.295"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.258", "versionStartIncluding": "5.4.257"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.198", "versionStartIncluding": "5.10.195"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.134", "versionStartIncluding": "5.15.132"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.56", "versionStartIncluding": "6.1.53"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.5.6", "versionStartIncluding": "6.5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.4.16"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:49:18.646Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52577", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:49:18.646Z", "dateReserved": "2024-03-02T21:55:42.568Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:59:45.279Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T23:03:21.243Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-52577 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-06-26T20:40:23.115267Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-26T20:40:43.592Z (string)

}

]

cna : { »

title : dccp: fix dccp_v4_err()/dccp_v6_err() again (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 3533e10272555c422a7d51ebc0ce8c483429f7f2 (string)

lessThan : 4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 177212bf6dc1ff2d13d0409cddc5c9e81feec63d (string)

lessThan : 62c218124fe58372e0e1f60d5b634d21c264b337 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 7a7dd70cb954d3efa706a429687ded88c02496fa (string)

lessThan : a6f4d582e25d512c9b492670b6608436694357b3 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 4b8a938e329ae4eb54b73b0c87b5170607b038a8 (string)

lessThan : 60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 6ecf09699eb1554299aa1e7fd13e9e80f656c2f9 (string)

lessThan : 26df9ab5de308caa1503d937533c56c35793018d (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : f8a7f10a1dccf9868ff09342a73dce27501b86df (string)

lessThan : 73be49248a04746096339a48a33fa2f03bd85969 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : ec620c34f5fa5d055f9f6136a387755db6157712 (string)

lessThan : 1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : 977ad86c2a1bcaf58f01ab98df5cc145083c489c (string)

lessThan : 6af289746a636f71f4c0535a9801774118486c7a (string)

versionType : git (string)

}

8 : { »

status : affected (string)

version : d8171411a661253e6271fa10b65b46daf1b6471c (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/dccp/ipv4.c (string)

1 : net/dccp/ipv6.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.14.326 (string)

lessThan : 4.14.327 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 4.19.295 (string)

lessThan : 4.19.296 (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 5.4.257 (string)

lessThan : 5.4.258 (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 5.10.195 (string)

lessThan : 5.10.198 (string)

versionType : semver (string)

}

4 : { »

status : affected (string)

version : 5.15.132 (string)

lessThan : 5.15.134 (string)

versionType : semver (string)

}

5 : { »

status : affected (string)

version : 6.1.53 (string)

lessThan : 6.1.56 (string)

versionType : semver (string)

}

6 : { »

status : affected (string)

version : 6.5.3 (string)

lessThan : 6.5.6 (string)

versionType : semver (string)

}

]

programFiles : [ »

0 : net/dccp/ipv4.c (string)

1 : net/dccp/ipv6.c (string)

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d (string)

}

5 : { »

url : https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v6_err() again dh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways (no more assumptions). syzbot reported: BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline] BUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867 icmpv6_rcv+0x19d5/0x30d0 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:304 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:468 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:304 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5523 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637 netif_receive_skb_internal net/core/dev.c:5723 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5782 tun_rx_batched+0x83b/0x920 tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.14.327 (string)

versionStartIncluding : 4.14.326 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.19.296 (string)

versionStartIncluding : 4.19.295 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.258 (string)

versionStartIncluding : 5.4.257 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.198 (string)

versionStartIncluding : 5.10.195 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.15.134 (string)

versionStartIncluding : 5.15.132 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.1.56 (string)

versionStartIncluding : 6.1.53 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.5.6 (string)

versionStartIncluding : 6.5.3 (string)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionStartIncluding : 6.4.16 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T12:49:18.646Z (string)

}

cveMetadata : { »

cveId : CVE-2023-52577 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T12:49:18.646Z (string)

dateReserved : 2024-03-02T21:55:42.568Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-03-02T21:59:45.279Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "473AE17D-E000-42E4-8762-8669D7D816A9", "versionEndExcluding": "5.10.198", "versionStartIncluding": "5.10.195", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F47152A2-8AFC-4C71-981D-980B1763D7DD", "versionEndExcluding": "5.15.134", "versionStartIncluding": "5.15.132", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8B05106-E093-4EE4-86F3-EE7AD5802CDD", "versionEndExcluding": "6.1.56", "versionStartIncluding": "6.1.53", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "073850EA-45D9-42D3-93E5-C527A7732405", "versionEndExcluding": "6.5.6", "versionStartIncluding": "6.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.14.326:*:*:*:*:*:*:*", "matchCriteriaId": "7D69FD12-238F-4D96-8520-4C77E2B6FB85", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.19.295:*:*:*:*:*:*:*", "matchCriteriaId": "67A9EA15-10FD-4821-99DA-139F28267AF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.4.257:*:*:*:*:*:*:*", "matchCriteriaId": "66DC852D-D687-42FE-B337-455473C3ADFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: fix dccp_v4_err()/dccp_v6_err() again\n\ndh->dccph_x is the 9th byte (offset 8) in \"struct dccp_hdr\",\nnot in the \"byte 7\" as Jann claimed.\n\nWe need to make sure the ICMP messages are big enough,\nusing more standard ways (no more assumptions).\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\nBUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline]\nBUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\npskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\ndccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\nicmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867\nicmpv6_rcv+0x19d5/0x30d0\nip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\nip6_input_finish net/ipv6/ip6_input.c:483 [inline]\nNF_HOOK include/linux/netfilter.h:304 [inline]\nip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\nip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\ndst_input include/net/dst.h:468 [inline]\nip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\nNF_HOOK include/linux/netfilter.h:304 [inline]\nipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n__netif_receive_skb_one_core net/core/dev.c:5523 [inline]\n__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637\nnetif_receive_skb_internal net/core/dev.c:5723 [inline]\nnetif_receive_skb+0x58/0x660 net/core/dev.c:5782\ntun_rx_batched+0x83b/0x920\ntun_get_user+0x564c/0x6940 drivers/net/tun.c:2002\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\nslab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\nslab_alloc_node mm/slub.c:3478 [inline]\nkmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n__alloc_skb+0x318/0x740 net/core/skbuff.c:650\nalloc_skb include/linux/skbuff.h:1286 [inline]\nalloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313\nsock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795\ntun_alloc_skb drivers/net/tun.c:1531 [inline]\ntun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nCPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dccp: corrija dccp_v4_err()/dccp_v6_err() nuevamente dh-&gt;dccph_x es el noveno byte (desplazamiento 8) en \"struct dccp_hdr\", no en el \"byte 7\" como Jann reclamado. Necesitamos asegurarnos de que los mensajes ICMP sean lo suficientemente grandes, utilizando formas m\u00e1s est\u00e1ndar (sin m\u00e1s suposiciones). syzbot inform\u00f3: ERROR: KMSAN: valor uninit en pskb_may_pull_reason include/linux/skbuff.h:2667 [en l\u00ednea] ERROR: KMSAN: valor uninit en pskb_may_pull include/linux/skbuff.h:2681 [en l\u00ednea] ERROR: KMSAN: uninit -valor en dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 pskb_may_pull_reason include/linux/skbuff.h:2667 [en l\u00ednea] pskb_may_pull include/linux/skbuff.h:2681 [en l\u00ednea] dccp_v6_err+0x426/0x1aa0 net/ dccp/ipv6.c:94 icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867 icmpv6_rcv+0x19d5/0x30d0 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6 /ip6_input.c:483 [en l\u00ednea] NF_HOOK include/linux/netfilter.h:304 [en l\u00ednea] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst .h:468 [en l\u00ednea] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:304 [en l\u00ednea] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net /core/dev.c:5523 [en l\u00ednea] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637 netif_receive_skb_internal net/core/dev.c:5723 [en l\u00ednea] netif_receive_skb+0x58/0x660 net/core/dev.c :5782 tun_rx_batched+0x83b/0x920 tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [en l\u00ednea] new_sync_write fs /read_write.c:491 [en l\u00ednea] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [en l\u00ednea] __se_sys_write fs/read_write.c :646 [en l\u00ednea] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+ 0x63/0xcd Uninit se cre\u00f3 en: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [en l\u00ednea] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4 a0 neto/ core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313 sock_alloc_send_pskb+ 0xa80/0xbf0 net/core/sock.c:2795 controladores tun_alloc_skb/net/tun.c:1531 [en l\u00ednea] tun_get_user+0x23cf/0x6940 controladores/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 controladores/net/tun. c:2048 call_write_iter include/linux/fs.h:1985 [en l\u00ednea] new_sync_write fs/read_write.c:491 [en l\u00ednea] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c: 637 __do_sys_write fs/read_write.c:649 [en l\u00ednea] __se_sys_write fs/read_write.c:646 [en l\u00ednea] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/08/2023"}], "id": "CVE-2023-52577", "lastModified": "2024-12-11T16:21:49.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-02T22:15:49.537", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 473AE17D-E000-42E4-8762-8669D7D816A9 (string)

versionEndExcluding : 5.10.198 (string)

versionStartIncluding : 5.10.195 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F47152A2-8AFC-4C71-981D-980B1763D7DD (string)

versionEndExcluding : 5.15.134 (string)

versionStartIncluding : 5.15.132 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D8B05106-E093-4EE4-86F3-EE7AD5802CDD (string)

versionEndExcluding : 6.1.56 (string)

versionStartIncluding : 6.1.53 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 073850EA-45D9-42D3-93E5-C527A7732405 (string)

versionEndExcluding : 6.5.6 (string)

versionStartIncluding : 6.5.3 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:4.14.326:*:*:*:*:*:*:* (string)

matchCriteriaId : 7D69FD12-238F-4D96-8520-4C77E2B6FB85 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:4.19.295:*:*:*:*:*:*:* (string)

matchCriteriaId : 67A9EA15-10FD-4821-99DA-139F28267AF1 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.4.257:*:*:*:*:*:*:* (string)

matchCriteriaId : 66DC852D-D687-42FE-B337-455473C3ADFB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v6_err() again dh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways (no more assumptions). syzbot reported: BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline] BUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867 icmpv6_rcv+0x19d5/0x30d0 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:304 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:468 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:304 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5523 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637 netif_receive_skb_internal net/core/dev.c:5723 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5782 tun_rx_batched+0x83b/0x920 tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dccp: corrija dccp_v4_err()/dccp_v6_err() nuevamente dh->dccph_x es el noveno byte (desplazamiento 8) en "struct dccp_hdr", no en el "byte 7" como Jann reclamado. Necesitamos asegurarnos de que los mensajes ICMP sean lo suficientemente grandes, utilizando formas más estándar (sin más suposiciones). syzbot informó: ERROR: KMSAN: valor uninit en pskb_may_pull_reason include/linux/skbuff.h:2667 [en línea] ERROR: KMSAN: valor uninit en pskb_may_pull include/linux/skbuff.h:2681 [en línea] ERROR: KMSAN: uninit -valor en dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 pskb_may_pull_reason include/linux/skbuff.h:2667 [en línea] pskb_may_pull include/linux/skbuff.h:2681 [en línea] dccp_v6_err+0x426/0x1aa0 net/ dccp/ipv6.c:94 icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867 icmpv6_rcv+0x19d5/0x30d0 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6 /ip6_input.c:483 [en línea] NF_HOOK include/linux/netfilter.h:304 [en línea] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst .h:468 [en línea] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:304 [en línea] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net /core/dev.c:5523 [en línea] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637 netif_receive_skb_internal net/core/dev.c:5723 [en línea] netif_receive_skb+0x58/0x660 net/core/dev.c :5782 tun_rx_batched+0x83b/0x920 tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [en línea] new_sync_write fs /read_write.c:491 [en línea] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [en línea] __se_sys_write fs/read_write.c :646 [en línea] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [en línea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+ 0x63/0xcd Uninit se creó en: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [en línea] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4 a0 neto/ core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [en línea] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313 sock_alloc_send_pskb+ 0xa80/0xbf0 net/core/sock.c:2795 controladores tun_alloc_skb/net/tun.c:1531 [en línea] tun_get_user+0x23cf/0x6940 controladores/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 controladores/net/tun. c:2048 call_write_iter include/linux/fs.h:1985 [en línea] new_sync_write fs/read_write.c:491 [en línea] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c: 637 __do_sys_write fs/read_write.c:649 [en línea] __se_sys_write fs/read_write.c:646 [en línea] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [en línea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/08/2023 (string)

}

]

id : CVE-2023-52577 (string)

lastModified : 2024-12-11T16:21:49.573 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-03-02T22:15:49.537 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969 (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-908 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: dccp: out-of-bounds access in dccp_v4_err() and dccp_v6_err()", "id": "2267757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267757"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndccp: fix dccp_v4_err()/dccp_v6_err() again\ndh->dccph_x is the 9th byte (offset 8) in \"struct dccp_hdr\",\nnot in the \"byte 7\" as Jann claimed.\nWe need to make sure the ICMP messages are big enough,\nusing more standard ways (no more assumptions).\nsyzbot reported:\nBUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\nBUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline]\nBUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\npskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\ndccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\nicmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867\nicmpv6_rcv+0x19d5/0x30d0\nip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\nip6_input_finish net/ipv6/ip6_input.c:483 [inline]\nNF_HOOK include/linux/netfilter.h:304 [inline]\nip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\nip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\ndst_input include/net/dst.h:468 [inline]\nip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\nNF_HOOK include/linux/netfilter.h:304 [inline]\nipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n__netif_receive_skb_one_core net/core/dev.c:5523 [inline]\n__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637\nnetif_receive_skb_internal net/core/dev.c:5723 [inline]\nnetif_receive_skb+0x58/0x660 net/core/dev.c:5782\ntun_rx_batched+0x83b/0x920\ntun_get_user+0x564c/0x6940 drivers/net/tun.c:2002\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nUninit was created at:\nslab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\nslab_alloc_node mm/slub.c:3478 [inline]\nkmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n__alloc_skb+0x318/0x740 net/core/skbuff.c:650\nalloc_skb include/linux/skbuff.h:1286 [inline]\nalloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313\nsock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795\ntun_alloc_skb drivers/net/tun.c:1531 [inline]\ntun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nCPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023", "An out-of-bounds access flaw was found in dccp_v4_err() and dccp_v6_err() in the Linux kernel. This may lead to a crash."], "name": "CVE-2023-52577", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52577\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52577\nhttps://lore.kernel.org/linux-cve-announce/2024030257-CVE-2023-52577-2638@gregkh/T/#u"], "statement": "Red Hat has protection mechanisms in place against buffer overflows such as FORTIFY_SOURCE, Position Independent Executables, or Stack Smashing Protection.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : kernel: dccp: out-of-bounds access in dccp_v4_err() and dccp_v6_err() (string)

id : 2267757 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2267757 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-787 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v6_err() again dh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways (no more assumptions). syzbot reported: BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline] BUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 pskb_may_pull_reason include/linux/skbuff.h:2667 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867 icmpv6_rcv+0x19d5/0x30d0 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:304 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:468 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:304 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5523 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637 netif_receive_skb_internal net/core/dev.c:5723 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5782 tun_rx_batched+0x83b/0x920 tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 (string)

1 : An out-of-bounds access flaw was found in dccp_v4_err() and dccp_v6_err() in the Linux kernel. This may lead to a crash. (string)

]

name : CVE-2023-52577 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-03-02T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2023-52577 https://nvd.nist.gov/vuln/detail/CVE-2023-52577 https://lore.kernel.org/linux-cve-announce/2024030257-CVE-2023-52577-2638@gregkh/T/#u (string)

]

statement : Red Hat has protection mechanisms in place against buffer overflows such as FORTIFY_SOURCE, Position Independent Executables, or Stack Smashing Protection. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object