{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52612", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.088Z", "datePublished": "2024-03-18T10:07:47.204Z", "dateUpdated": "2024-12-19T08:22:36.145Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:22:36.145Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: scomp - fix req->dst buffer overflow\n\nThe req->dst buffer size should be checked before copying from the\nscomp_scratch->dst to avoid req->dst buffer overflow problem."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/scompress.c"], "versions": [{"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "1142d65c5b881590962ad763f94505b6dd67d2fe", "status": "affected", "versionType": "git"}, {"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "e0e3f4a18784182cfe34e20c00eca11e78d53e76", "status": "affected", "versionType": "git"}, {"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "4518dc468cdd796757190515a9be7408adc8911e", "status": "affected", "versionType": "git"}, {"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "a5f2f91b3fd7387e5102060809316a0f8f0bc625", "status": "affected", "versionType": "git"}, {"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "4df0c942d04a67df174195ad8082f6e30e7f71a5", "status": "affected", "versionType": "git"}, {"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "7d9e5bed036a7f9e2062a137e97e3c1e77fb8759", "status": "affected", "versionType": "git"}, {"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "71c6670f9f032ec67d8f4e3f8db4646bf5a62883", "status": "affected", "versionType": "git"}, {"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1", "lessThan": "744e1885922a9943458954cfea917b31064b4131", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/scompress.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.306", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.268", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.209", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"}, {"url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"}, {"url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"}, {"url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"}, {"url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"}, {"url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"}, {"url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"}, {"url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"}], "title": "crypto: scomp - fix req->dst buffer overflow", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52612", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-18T15:42:02.603013Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:24:15.790Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.332Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.332Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52612", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-18T15:42:02.603013Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.389Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "crypto: scomp - fix req->dst buffer overflow", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1ab53a77b772", "lessThan": "1142d65c5b88", "versionType": "git"}, {"status": "affected", "version": "1ab53a77b772", "lessThan": "e0e3f4a18784", "versionType": "git"}, {"status": "affected", "version": "1ab53a77b772", "lessThan": "4518dc468cdd", "versionType": "git"}, {"status": "affected", "version": "1ab53a77b772", "lessThan": "a5f2f91b3fd7", "versionType": "git"}, {"status": "affected", "version": "1ab53a77b772", "lessThan": "4df0c942d04a", "versionType": "git"}, {"status": "affected", "version": "1ab53a77b772", "lessThan": "7d9e5bed036a", "versionType": "git"}, {"status": "affected", "version": "1ab53a77b772", "lessThan": "71c6670f9f03", "versionType": "git"}, {"status": "affected", "version": "1ab53a77b772", "lessThan": "744e1885922a", "versionType": "git"}], "programFiles": ["crypto/scompress.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.10"}, {"status": "unaffected", "version": "0", "lessThan": "4.10", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.306", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.268", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.209", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.148", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.75", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.14", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["crypto/scompress.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"}, {"url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"}, {"url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"}, {"url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"}, {"url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"}, {"url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"}, {"url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"}, {"url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: scomp - fix req->dst buffer overflow\n\nThe req->dst buffer size should be checked before copying from the\nscomp_scratch->dst to avoid req->dst buffer overflow problem."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:34:33.345Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52612", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:34:33.345Z", "dateReserved": "2024-03-06T09:52:12.088Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-18T10:07:47.204Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: scomp - fix req->dst buffer overflow\n\nThe req->dst buffer size should be checked before copying from the\nscomp_scratch->dst to avoid req->dst buffer overflow problem."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: scomp - corrige el desbordamiento del b\u00fafer req->dst. El tama\u00f1o del b\u00fafer req->dst debe verificarse antes de copiar desde scomp_scratch->dst para evitar el problema de desbordamiento del b\u00fafer req->dst. ."}], "id": "CVE-2023-52612", "lastModified": "2024-11-21T08:40:11.830", "metrics": {}, "published": "2024-03-18T11:15:08.317", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: crypto: scomp - fix req->dst buffer overflow", "id": "2270075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270075"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: scomp - fix req->dst buffer overflow\nThe req->dst buffer size should be checked before copying from the\nscomp_scratch->dst to avoid req->dst buffer overflow problem.", "A vulnerability was found in scomp component Linux Kernel causing a buffer overflow in the req->dst buffer. This occurred because the buffer size was not checked before copying data from scomp_scratch->dst, leading to potential overflow and DoS."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52612", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52612\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52612\nhttps://lore.kernel.org/linux-cve-announce/[email protected]/T"], "statement": "Red Hat has protection mechanisms in place against buffer overflows, such as FORTIFY_SOURCE, Position Independent Executables or Stack Smashing Protection.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.306, kernel 5.4.268, kernel 5.10.209, kernel 5.15.148, kernel 6.1.75, kernel 6.6.14, kernel 6.7.2, kernel 6.8"}