PT-2023-9472 · Linux+7 · Linux Kernel+7

Publicado

2023-10-01

Atualizado

2025-09-29

CVE-2023-52522

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to possible store tearing in the neigh periodic work() function. It was found that an annotation was missing when deleting an RCU protected item from a list. To prevent store tearing, either rcu assign pointer() or WRITE ONCE() should be used on the writer side. The rcu deference(*np) is used by readers. The choice was made to use rcu assign pointer() for lockdep support, similar to neigh flush dev().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALSA-2024:2394

ALSA-2024:7000

ALSA-2024:7001

ALSA-2024_2394

ALSA-2025_16880

BDU:2024-07825

CESA-2024_7000

CESA-2024_7001

CVE-2023-52522

INFSA-2024_2394

INFSA-2024_7000

INFSA-2024_7001

OESA-2024-1482

OESA-2024-1483

OESA-2024-1484

OESA-2024-1485

OESA-2024-1486

OESA-2024-1487

RHSA-2024:2394

RHSA-2024:6993

RHSA-2024:6998

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:9497

RHSA-2024:9498

RHSA-2024_2394

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:7001

USN-7332-1

USN-7332-2

USN-7332-3

USN-7342-1

USN-7344-1

USN-7344-2

Produtos afetados

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Rocky Linux

Ubuntu

PT-2023-9472 · Linux+7 · Linux Kernel+7

CVE-2023-52522

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 700