PT-2023-9477 · Linux+8 · Linux Kernel+8

Bernard Metzler

·

Published

2023-09-11

·

Updated

2025-09-29

·

CVE-2023-52513

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a NULL pointer dereference in the RDMA/siw component of the Linux kernel. When immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. However, this special case was not handled correctly by the code handling the later TCP socket close, causing a NULL dereference crash in siw cm work handler() when dereferencing a NULL listener. The patch also simplifies MPA processing in general by suppressing scheduling of useless TCP socket reads in sk data ready() upcall if the socket is already moved out of TCP ESTABLISHED state.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:3618
ALSA-2024:3627
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2023-8487
BDU:2024-07830
CESA-2024_3618
CESA-2024_3627
CVE-2023-52513
INFSA-2024_3618
INFSA-2024_3627
INFSA-2024_9315
OESA-2025-1095
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
RHSA-2024:3618
RHSA-2024:3627
RHSA-2024:9315
RHSA-2024_3618
RHSA-2024_3627
RHSA-2024_9315
RHSA-2026:0173
RLSA-2024:3618
RLSA-2024:3627
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse