CVE-2023-52845 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z

Link	Providers
https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579
https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0
https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6
https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8
https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4
https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709
https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d
https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04
https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294
https://lore.kernel.org/linux-cve-announce/2024052112-CVE-2023-52845-0245@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52845
https://www.cve.org/CVERecord?id=CVE-2023-52845

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52845", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.254Z", "datePublished": "2024-05-21T15:31:43.181Z", "dateUpdated": "2025-04-09T14:51:12.702Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-04-09T14:51:12.702Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Change nla_policy for bearer-related names to NLA_NUL_STRING\n\nsyzbot reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]\nBUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756\n strlen lib/string.c:418 [inline]\n strstr+0xb8/0x2f0 lib/string.c:756\n tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595\n genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]\n genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066\n netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:650\n alloc_skb include/linux/skbuff.h:1286 [inline]\n netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]\n netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nTIPC bearer-related names including link names must be null-terminated\nstrings. If a link name which is not null-terminated is passed through\nnetlink, strstr() and similar functions can cause buffer overrun. This\ncauses the above issue.\n\nThis patch changes the nla_policy for bearer-related names from NLA_STRING\nto NLA_NUL_STRING. This resolves the issue by ensuring that only\nnull-terminated strings are accepted as bearer-related names.\n\nsyzbot reported similar uninit-value issue related to bearer names [2]. The\nroot cause of this issue is that a non-null-terminated bearer name was\npassed. This patch also resolved this issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/tipc/netlink.c"], "versions": [{"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "6744008c354bca2e4686a5b6056ee6b535d9f67d", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "2426425d686b43adbc4f2f4a367b494f06f159d6", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "2199260c42e6fbc5af8adae3bf78e623407c91b0", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "b33d130f07f1decd756b849ab03c23d11d4dd294", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "3907b89cd17fcc23e9a80789c36856f00ece0ba8", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "abc1582119e8c4af14cedb0db6541fd603f45a04", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "560992f41c0cea44b7603bc9e6c73bffbf6b5709", "status": "affected", "versionType": "git"}, {"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "19b3f72a41a8751e26bffc093bb7e1cef29ad579", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/tipc/netlink.c"], "versions": [{"version": "3.19", "status": "affected"}, {"version": "0", "lessThan": "3.19", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.330", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.299", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.261", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.201", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.139", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.63", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.12", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.2", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"}, {"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"}, {"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"}, {"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"}, {"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"}, {"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"}, {"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"}, {"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"}, {"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"}], "title": "tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING", "x_generator": {"engine": "bippy-7c5fe7eed585"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.894Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52845", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:36:31.255258Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:54.283Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-52845 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-05-21T15:19:24.254Z (string)

datePublished : 2024-05-21T15:31:43.181Z (string)

dateUpdated : 2025-04-09T14:51:12.702Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-04-09T14:51:12.702Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline] BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [inline] strstr+0xb8/0x2f0 lib/string.c:756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline] genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd TIPC bearer-related names including link names must be null-terminated strings. If a link name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This causes the above issue. This patch changes the nla_policy for bearer-related names from NLA_STRING to NLA_NUL_STRING. This resolves the issue by ensuring that only null-terminated strings are accepted as bearer-related names. syzbot reported similar uninit-value issue related to bearer names [2]. The root cause of this issue is that a non-null-terminated bearer name was passed. This patch also resolved this issue. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/tipc/netlink.c (string)

]

versions : [ »

0 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

status : affected (string)

versionType : git (string)

}

8 : { »

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/tipc/netlink.c (string)

]

versions : [ »

0 : { »

version : 3.19 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 3.19 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.14.330 (string)

lessThanOrEqual : 4.14.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 4.19.299 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 5.4.261 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.10.201 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 5.15.139 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.1.63 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 6.5.12 (string)

lessThanOrEqual : 6.5.* (string)

status : unaffected (string)

versionType : semver (string)

}

9 : { »

version : 6.6.2 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

10 : { »

version : 6.7 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

}

1 : { »

url : https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

}

8 : { »

url : https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

}

]

title : tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (string)

x_generator : { »

engine : bippy-7c5fe7eed585 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T23:11:35.894Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-52845 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T15:36:31.255258Z (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T17:32:54.283Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.894Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52845", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:36:31.255258Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:13.338Z"}}], "cna": {"title": "tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "6744008c354bca2e4686a5b6056ee6b535d9f67d", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "2426425d686b43adbc4f2f4a367b494f06f159d6", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "2199260c42e6fbc5af8adae3bf78e623407c91b0", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "b33d130f07f1decd756b849ab03c23d11d4dd294", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "3907b89cd17fcc23e9a80789c36856f00ece0ba8", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "abc1582119e8c4af14cedb0db6541fd603f45a04", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "560992f41c0cea44b7603bc9e6c73bffbf6b5709", "versionType": "git"}, {"status": "affected", "version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf", "lessThan": "19b3f72a41a8751e26bffc093bb7e1cef29ad579", "versionType": "git"}], "programFiles": ["net/tipc/netlink.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.19"}, {"status": "unaffected", "version": "0", "lessThan": "3.19", "versionType": "semver"}, {"status": "unaffected", "version": "4.14.330", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.299", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.261", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.201", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.139", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.63", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.12", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.2", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/tipc/netlink.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"}, {"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"}, {"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"}, {"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"}, {"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"}, {"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"}, {"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"}, {"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"}, {"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"}], "x_generator": {"engine": "bippy-7c5fe7eed585"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Change nla_policy for bearer-related names to NLA_NUL_STRING\n\nsyzbot reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]\nBUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756\n strlen lib/string.c:418 [inline]\n strstr+0xb8/0x2f0 lib/string.c:756\n tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595\n genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]\n genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066\n netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:650\n alloc_skb include/linux/skbuff.h:1286 [inline]\n netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]\n netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nTIPC bearer-related names including link names must be null-terminated\nstrings. If a link name which is not null-terminated is passed through\nnetlink, strstr() and similar functions can cause buffer overrun. This\ncauses the above issue.\n\nThis patch changes the nla_policy for bearer-related names from NLA_STRING\nto NLA_NUL_STRING. This resolves the issue by ensuring that only\nnull-terminated strings are accepted as bearer-related names.\n\nsyzbot reported similar uninit-value issue related to bearer names [2]. The\nroot cause of this issue is that a non-null-terminated bearer name was\npassed. This patch also resolved this issue."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-04-09T14:51:12.702Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52845", "state": "PUBLISHED", "dateUpdated": "2025-04-09T14:51:12.702Z", "dateReserved": "2024-05-21T15:19:24.254Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:31:43.181Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T23:11:35.894Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-52845 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T15:36:31.255258Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T12:42:13.338Z (string)

}

]

cna : { »

title : tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

versionType : git (string)

}

8 : { »

status : affected (string)

version : 0655f6a8635b1b66f2434d5556b1044c14b1ccaf (string)

lessThan : 19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/tipc/netlink.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.19 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 3.19 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.14.330 (string)

versionType : semver (string)

lessThanOrEqual : 4.14.* (string)

}

3 : { »

status : unaffected (string)

version : 4.19.299 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

4 : { »

status : unaffected (string)

version : 5.4.261 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

5 : { »

status : unaffected (string)

version : 5.10.201 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

6 : { »

status : unaffected (string)

version : 5.15.139 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

7 : { »

status : unaffected (string)

version : 6.1.63 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

8 : { »

status : unaffected (string)

version : 6.5.12 (string)

versionType : semver (string)

lessThanOrEqual : 6.5.* (string)

}

9 : { »

status : unaffected (string)

version : 6.6.2 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

10 : { »

status : unaffected (string)

version : 6.7 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : net/tipc/netlink.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

}

1 : { »

url : https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

}

8 : { »

url : https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

}

]

x_generator : { »

engine : bippy-7c5fe7eed585 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline] BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [inline] strstr+0xb8/0x2f0 lib/string.c:756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline] genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd TIPC bearer-related names including link names must be null-terminated strings. If a link name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This causes the above issue. This patch changes the nla_policy for bearer-related names from NLA_STRING to NLA_NUL_STRING. This resolves the issue by ensuring that only null-terminated strings are accepted as bearer-related names. syzbot reported similar uninit-value issue related to bearer names [2]. The root cause of this issue is that a non-null-terminated bearer name was passed. This patch also resolved this issue. (string)

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-04-09T14:51:12.702Z (string)

}

cveMetadata : { »

cveId : CVE-2023-52845 (string)

state : PUBLISHED (string)

dateUpdated : 2025-04-09T14:51:12.702Z (string)

dateReserved : 2024-05-21T15:19:24.254Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-05-21T15:31:43.181Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D55230F7-7217-4456-9084-D546ABA9C781", "versionEndExcluding": "4.14.330", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F51D1457-86F8-4A6C-A7B9-323058B3C5E8", "versionEndExcluding": "4.19.299", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "286E50BB-5A21-49BA-A6E5-526C72ADFE34", "versionEndExcluding": "5.4.261", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF1ADC4E-CCC4-498A-876F-5136DDD36C1D", "versionEndExcluding": "5.10.201", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "81424D14-B38F-47B3-A1B8-BC3B60BB96EA", "versionEndExcluding": "5.15.139", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E1EA7E-2788-466C-9FFB-34AFA1B052F0", "versionEndExcluding": "6.1.63", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "825F64D9-E99F-49AA-8A7B-EF7C2965C5B2", "versionEndExcluding": "6.5.12", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CBFF885-A4D3-4F21-B6FD-4D770034C048", "versionEndExcluding": "6.6.2", "versionStartIncluding": "6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Change nla_policy for bearer-related names to NLA_NUL_STRING\n\nsyzbot reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]\nBUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756\n strlen lib/string.c:418 [inline]\n strstr+0xb8/0x2f0 lib/string.c:756\n tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595\n genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]\n genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066\n netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:650\n alloc_skb include/linux/skbuff.h:1286 [inline]\n netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]\n netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nTIPC bearer-related names including link names must be null-terminated\nstrings. If a link name which is not null-terminated is passed through\nnetlink, strstr() and similar functions can cause buffer overrun. This\ncauses the above issue.\n\nThis patch changes the nla_policy for bearer-related names from NLA_STRING\nto NLA_NUL_STRING. This resolves the issue by ensuring that only\nnull-terminated strings are accepted as bearer-related names.\n\nsyzbot reported similar uninit-value issue related to bearer names [2]. The\nroot cause of this issue is that a non-null-terminated bearer name was\npassed. This patch also resolved this issue."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tipc: Cambiar nla_policy para nombres relacionados con el portador a NLA_NUL_STRING syzbot inform\u00f3 el siguiente problema de acceso de valor uninit [1]: ============== ======================================= BUG: KMSAN: valor uninit en strlen lib/ string.c:418 [en l\u00ednea] BUG: KMSAN: valor uninit en strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [en l\u00ednea] strstr+0xb8/0x2f0 lib/string.c: 756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [en l\u00ednea] genl_family_rcv_msg net/netlink/genetlink.c:1051 [en l\u00ednea] 0x1290 red/enlace de red/ genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [en l\u00ednea] netlink_unicast+0xf47/ 0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] sock_sendmsg net/socket.c:753 [en l\u00ednea] 2/ 0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2633 [en l\u00ednea] __se_sys_sendmsg red/socket. c:2631 [en l\u00ednea] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0 x63/ 0xcd Uninit se cre\u00f3 en: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [en l\u00ednea] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/ n\u00facleo/ skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [en l\u00ednea] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [en l\u00ednea] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] sock_sendmsg net/socket.c:753 [en l\u00ednea] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/ socket.c:2595 __sys_sendmsg net/socket.c:2624 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2633 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2631 [en l\u00ednea] __x64_sys_sendmsg+0x307/0x490 :2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd Los nombres relacionados con el portador TIPC, incluidos los nombres de enlaces, deben ser cadenas terminadas en nulo . Si un nombre de enlace que no termina en nulo se pasa a trav\u00e9s de netlink, strstr() y funciones similares pueden provocar una saturaci\u00f3n del b\u00fafer. Esto causa el problema anterior. Este parche cambia la nla_policy para nombres relacionados con el portador de NLA_STRING a NLA_NUL_STRING. Esto resuelve el problema garantizando que s\u00f3lo se acepten cadenas terminadas en nulo como nombres relacionados con el portador. syzbot inform\u00f3 un problema similar de valor uninitario relacionado con los nombres de los portadores [2]. La causa principal de este problema es que se pas\u00f3 un nombre de portador no terminado en nulo. Este parche tambi\u00e9n resolvi\u00f3 este problema."}], "id": "CVE-2023-52845", "lastModified": "2025-01-31T16:01:53.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T16:15:21.723", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D55230F7-7217-4456-9084-D546ABA9C781 (string)

versionEndExcluding : 4.14.330 (string)

versionStartIncluding : 3.19 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F51D1457-86F8-4A6C-A7B9-323058B3C5E8 (string)

versionEndExcluding : 4.19.299 (string)

versionStartIncluding : 4.15 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 286E50BB-5A21-49BA-A6E5-526C72ADFE34 (string)

versionEndExcluding : 5.4.261 (string)

versionStartIncluding : 4.20 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AF1ADC4E-CCC4-498A-876F-5136DDD36C1D (string)

versionEndExcluding : 5.10.201 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 81424D14-B38F-47B3-A1B8-BC3B60BB96EA (string)

versionEndExcluding : 5.15.139 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 80E1EA7E-2788-466C-9FFB-34AFA1B052F0 (string)

versionEndExcluding : 6.1.63 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 825F64D9-E99F-49AA-8A7B-EF7C2965C5B2 (string)

versionEndExcluding : 6.5.12 (string)

versionStartIncluding : 6.2 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4CBFF885-A4D3-4F21-B6FD-4D770034C048 (string)

versionEndExcluding : 6.6.2 (string)

versionStartIncluding : 6.6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline] BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [inline] strstr+0xb8/0x2f0 lib/string.c:756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline] genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd TIPC bearer-related names including link names must be null-terminated strings. If a link name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This causes the above issue. This patch changes the nla_policy for bearer-related names from NLA_STRING to NLA_NUL_STRING. This resolves the issue by ensuring that only null-terminated strings are accepted as bearer-related names. syzbot reported similar uninit-value issue related to bearer names [2]. The root cause of this issue is that a non-null-terminated bearer name was passed. This patch also resolved this issue. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tipc: Cambiar nla_policy para nombres relacionados con el portador a NLA_NUL_STRING syzbot informó el siguiente problema de acceso de valor uninit [1]: ============== ======================================= BUG: KMSAN: valor uninit en strlen lib/ string.c:418 [en línea] BUG: KMSAN: valor uninit en strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [en línea] strstr+0xb8/0x2f0 lib/string.c: 756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [en línea] genl_family_rcv_msg net/netlink/genetlink.c:1051 [en línea] 0x1290 red/enlace de red/ genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [en línea] netlink_unicast+0xf47/ 0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [en línea] sock_sendmsg net/socket.c:753 [en línea] 2/ 0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [en línea] __do_sys_sendmsg net/socket.c:2633 [en línea] __se_sys_sendmsg red/socket. c:2631 [en línea] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [en línea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0 x63/ 0xcd Uninit se creó en: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [en línea] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/ núcleo/ skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [en línea] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [en línea] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [en línea] sock_sendmsg net/socket.c:753 [en línea] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/ socket.c:2595 __sys_sendmsg net/socket.c:2624 [en línea] __do_sys_sendmsg net/socket.c:2633 [en línea] __se_sys_sendmsg net/socket.c:2631 [en línea] __x64_sys_sendmsg+0x307/0x490 :2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd Los nombres relacionados con el portador TIPC, incluidos los nombres de enlaces, deben ser cadenas terminadas en nulo . Si un nombre de enlace que no termina en nulo se pasa a través de netlink, strstr() y funciones similares pueden provocar una saturación del búfer. Esto causa el problema anterior. Este parche cambia la nla_policy para nombres relacionados con el portador de NLA_STRING a NLA_NUL_STRING. Esto resuelve el problema garantizando que sólo se acepten cadenas terminadas en nulo como nombres relacionados con el portador. syzbot informó un problema similar de valor uninitario relacionado con los nombres de los portadores [2]. La causa principal de este problema es que se pasó un nombre de portador no terminado en nulo. Este parche también resolvió este problema. (string)

}

]

id : CVE-2023-52845 (string)

lastModified : 2025-01-31T16:01:53.260 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-05-21T16:15:21.723 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

}

8 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-908 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}], "bugzilla": {"description": "kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING", "id": "2282759", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282759"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntipc: Change nla_policy for bearer-related names to NLA_NUL_STRING\nsyzbot reported the following uninit-value access issue [1]:\n=====================================================\nBUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]\nBUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756\nstrlen lib/string.c:418 [inline]\nstrstr+0xb8/0x2f0 lib/string.c:756\ntipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]\ngenl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066\nnetlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545\ngenl_rcv+0x40/0x60 net/netlink/genetlink.c:1075\nnetlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\nnetlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368\nnetlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\nsock_sendmsg_nosec net/socket.c:730 [inline]\nsock_sendmsg net/socket.c:753 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n__sys_sendmsg net/socket.c:2624 [inline]\n__do_sys_sendmsg net/socket.c:2633 [inline]\n__se_sys_sendmsg net/socket.c:2631 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nUninit was created at:\nslab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\nslab_alloc_node mm/slub.c:3478 [inline]\nkmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n__alloc_skb+0x318/0x740 net/core/skbuff.c:650\nalloc_skb include/linux/skbuff.h:1286 [inline]\nnetlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]\nnetlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885\nsock_sendmsg_nosec net/socket.c:730 [inline]\nsock_sendmsg net/socket.c:753 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n__sys_sendmsg net/socket.c:2624 [inline]\n__do_sys_sendmsg net/socket.c:2633 [inline]\n__se_sys_sendmsg net/socket.c:2631 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nTIPC bearer-related names including link names must be null-terminated\nstrings. If a link name which is not null-terminated is passed through\nnetlink, strstr() and similar functions can cause buffer overrun. This\ncauses the above issue.\nThis patch changes the nla_policy for bearer-related names from NLA_STRING\nto NLA_NUL_STRING. This resolves the issue by ensuring that only\nnull-terminated strings are accepted as bearer-related names.\nsyzbot reported similar uninit-value issue related to bearer names [2]. The\nroot cause of this issue is that a non-null-terminated bearer name was\npassed. This patch also resolved this issue."], "name": "CVE-2023-52845", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52845\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52845\nhttps://lore.kernel.org/linux-cve-announce/2024052112-CVE-2023-52845-0245@gregkh/T"], "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:5102 (string)

cpe : cpe:/a:redhat:enterprise_linux:8::nfv (string)

package : kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2024-08-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:5101 (string)

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

package : kernel-0:4.18.0-553.16.1.el8_10 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2024-08-08T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (string)

id : 2282759 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2282759 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-476 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline] BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [inline] strstr+0xb8/0x2f0 lib/string.c:756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline] genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd TIPC bearer-related names including link names must be null-terminated strings. If a link name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This causes the above issue. This patch changes the nla_policy for bearer-related names from NLA_STRING to NLA_NUL_STRING. This resolves the issue by ensuring that only null-terminated strings are accepted as bearer-related names. syzbot reported similar uninit-value issue related to bearer names [2]. The root cause of this issue is that a non-null-terminated bearer name was passed. This patch also resolved this issue. (string)

]

name : CVE-2023-52845 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Fix deferred (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-05-21T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2023-52845 https://nvd.nist.gov/vuln/detail/CVE-2023-52845 https://lore.kernel.org/linux-cve-announce/2024052112-CVE-2023-52845-0245@gregkh/T (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object