PT-2023-9472 · Linux+7 · Linux Kernel+7

Published

2023-10-01

Updated

2025-09-29

CVE-2023-52522

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to possible store tearing in the neigh periodic work() function. It was found that an annotation was missing when deleting an RCU protected item from a list. To prevent store tearing, either rcu assign pointer() or WRITE ONCE() should be used on the writer side. The rcu deference(*np) is used by readers. The choice was made to use rcu assign pointer() for lockdep support, similar to neigh flush dev().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2024:2394

ALSA-2024:7000

ALSA-2024:7001

ALSA-2024_2394

ALSA-2025_16880

BDU:2024-07825

CESA-2024_7000

CESA-2024_7001

CVE-2023-52522

INFSA-2024_2394

INFSA-2024_7000

INFSA-2024_7001

OESA-2024-1482

OESA-2024-1483

OESA-2024-1484

OESA-2024-1485

OESA-2024-1486

OESA-2024-1487

RHSA-2024:2394

RHSA-2024:6993

RHSA-2024:6998

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:9497

RHSA-2024:9498

RHSA-2024_2394

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:7001

USN-7332-1

USN-7332-2

USN-7332-3

USN-7342-1

USN-7344-1

USN-7344-2

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Rocky Linux

Ubuntu

PT-2023-9472 · Linux+7 · Linux Kernel+7

CVE-2023-52522

Weakness Enumeration

Related Identifiers

Affected Products

References · 700