CVE-2023-52583 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always be set from the callers, let's just remove it.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160
https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980
https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67
https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e
https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca
https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085
https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3
https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024030641-CVE-2023-52583-fd38@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52583
https://www.cve.org/CVERecord?id=CVE-2023-52583

History

Mon, 03 Feb 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::*
Vendors & Products		Debian Debian debian Linux

Mon, 03 Feb 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mon, 04 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-06T06:45:19.319Z

Updated: 2025-05-04T07:39:12.524Z

Reserved: 2024-03-02T21:55:42.569Z

Link: CVE-2023-52583

Vulnrichment

Updated: 2024-08-02T23:03:21.182Z

NVD

Status : Analyzed

Published: 2024-03-06T07:15:06.553

Modified: 2025-02-03T14:18:13.147

Link: CVE-2023-52583

Redhat

Severity : Moderate

Publid Date: 2024-03-06T00:00:00Z

Links: CVE-2023-52583 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52583", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-02T21:55:42.569Z", "datePublished": "2024-03-06T06:45:19.319Z", "dateUpdated": "2025-05-04T07:39:12.524Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:39:12.524Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ceph/caps.c"], "versions": [{"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6", "status": "affected", "versionType": "git"}, {"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "6ab4fd508fad942f1f1ba940492f2735e078e980", "status": "affected", "versionType": "git"}, {"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "e016e358461b89b231626fcf78c5c38e35c44fd3", "status": "affected", "versionType": "git"}, {"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "a9c15d6e8aee074fae66c04d114f20b84274fcca", "status": "affected", "versionType": "git"}, {"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "7f2649c94264d00df6b6ac27161e9f4372a3450e", "status": "affected", "versionType": "git"}, {"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "196b87e5c00ce021e164a5de0f0d04f4116a9160", "status": "affected", "versionType": "git"}, {"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "76cb2aa3421fee4fde706dec41b1344bc0a9ad67", "status": "affected", "versionType": "git"}, {"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "b493ad718b1f0357394d2cdecbf00a44a36fa085", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ceph/caps.c"], "versions": [{"version": "2.6.34", "status": "affected"}, {"version": "0", "lessThan": "2.6.34", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.307", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.269", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.77", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.16", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "4.19.307"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "5.4.269"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "5.10.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "5.15.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.1.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.6.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.7.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.34", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"}], "title": "ceph: fix deadlock or deadcode of misusing dget()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T16:25:29.028372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:24:14.471Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.182Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.182Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T16:25:29.028372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.619Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ceph: fix deadlock or deadcode of misusing dget()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6", "versionType": "git"}, {"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "6ab4fd508fad942f1f1ba940492f2735e078e980", "versionType": "git"}, {"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "e016e358461b89b231626fcf78c5c38e35c44fd3", "versionType": "git"}, {"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "a9c15d6e8aee074fae66c04d114f20b84274fcca", "versionType": "git"}, {"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "7f2649c94264d00df6b6ac27161e9f4372a3450e", "versionType": "git"}, {"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "196b87e5c00ce021e164a5de0f0d04f4116a9160", "versionType": "git"}, {"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "76cb2aa3421fee4fde706dec41b1344bc0a9ad67", "versionType": "git"}, {"status": "affected", "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f", "lessThan": "b493ad718b1f0357394d2cdecbf00a44a36fa085", "versionType": "git"}], "programFiles": ["fs/ceph/caps.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.34"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.34", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.307", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.269", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.77", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.16", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ceph/caps.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"}, {"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"}, {"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"}, {"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"}, {"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"}, {"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"}, {"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"}, {"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.307", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.269", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.210", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.149", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.77", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.16", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.4", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "2.6.34"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:39:12.524Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52583", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:39:12.524Z", "dateReserved": "2024-03-02T21:55:42.569Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-06T06:45:19.319Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B4E1A83-9957-4265-94C0-516374C8CCFD", "versionEndExcluding": "4.19.307", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "319545F3-D56C-4751-BEBF-0505478BBAE8", "versionEndExcluding": "5.4.269", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5CB4CA6-A9A0-4AFD-9102-8CF94D708170", "versionEndExcluding": "5.10.210", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FA28946-970D-4F4D-B759-4E77B28809B5", "versionEndExcluding": "6.1.77", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8", "versionEndExcluding": "6.6.16", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78", "versionEndExcluding": "6.7.4", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ceph: corrige el punto muerto o el c\u00f3digo muerto por uso incorrecto de dget() El orden de bloqueo es incorrecto entre denty y su padre, siempre debemos asegurarnos de que el padre obtenga el bloqueo primero. Pero dado que este c\u00f3digo muerto nunca se usa y el directorio principal siempre ser\u00e1 configurado por quienes llaman, simplemente elimin\u00e9moslo."}], "id": "CVE-2023-52583", "lastModified": "2025-02-03T14:18:13.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-06T07:15:06.553", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ceph: fix deadlock or deadcode of misusing dget()", "id": "2268339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268339"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nceph: fix deadlock or deadcode of misusing dget()\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it.", "A flaw was found in the Linux kernel, caused by an incorrect lock ordering between a directory entry and its parent directory in the kernel\u2019s Ceph filesystem implementation; the expected behavior is for the parent directory to always lock before its child. While the associated deadcode isn't actively used, it presents a risk of deadlock which could potentially cause system instability or crashes."], "name": "CVE-2023-52583", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52583\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52583\nhttps://lore.kernel.org/linux-cve-announce/2024030641-CVE-2023-52583-fd38@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object