{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52524", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.317Z", "datePublished": "2024-03-02T21:52:30.995Z", "dateUpdated": "2024-12-19T08:21:26.973Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:21:26.973Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "dd6ff3f3862709ab1a12566e73b9d6a9b8f6e548", "lessThan": "191d87a19cf1005ecf41e1ae08d74e17379e8391", "status": "affected", "versionType": "git"}, {"version": "96f2c6f272ec04083d828de46285a7d7b17d1aad", "lessThan": "dba849cc98113b145c6e720122942c00b8012bdb", "status": "affected", "versionType": "git"}, {"version": "fc8429f8d86801f092fbfbd257c3af821ac0dcd3", "lessThan": "4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b", "status": "affected", "versionType": "git"}, {"version": "425d9d3a92df7d96b3cfb7ee5c240293a21cbde3", "lessThan": "7562780e32b84196731d57dd24563546fcf6d082", "status": "affected", "versionType": "git"}, {"version": "6709d4b7bc2e079241fdef15d1160581c5261c10", "lessThan": "29c16c2bf5866326d5fbc4a537b3997fcac23391", "status": "affected", "versionType": "git"}, {"version": "6709d4b7bc2e079241fdef15d1160581c5261c10", "lessThan": "dfc7f7a988dad34c3bf4c053124fb26aa6c5f916", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/llcp_core.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.258", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.198", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.135", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.57", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.7", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391"}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb"}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b"}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082"}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391"}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916"}], "title": "net: nfc: llcp: Add lock when modifying device list", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52524", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T20:30:07.758768Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:00.826Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.704Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.704Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52524", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T20:30:07.758768Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.885Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: nfc: llcp: Add lock when modifying device list", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "dd6ff3f38627", "lessThan": "191d87a19cf1", "versionType": "git"}, {"status": "affected", "version": "96f2c6f272ec", "lessThan": "dba849cc9811", "versionType": "git"}, {"status": "affected", "version": "fc8429f8d868", "lessThan": "4837a192f6d0", "versionType": "git"}, {"status": "affected", "version": "425d9d3a92df", "lessThan": "7562780e32b8", "versionType": "git"}, {"status": "affected", "version": "6709d4b7bc2e", "lessThan": "29c16c2bf586", "versionType": "git"}, {"status": "affected", "version": "6709d4b7bc2e", "lessThan": "dfc7f7a988da", "versionType": "git"}], "programFiles": ["net/nfc/llcp_core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.5"}, {"status": "unaffected", "version": "0", "lessThan": "6.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.258", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.198", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.135", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.57", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.7", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/nfc/llcp_core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391"}, {"url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb"}, {"url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b"}, {"url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082"}, {"url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391"}, {"url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:32.352Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52524", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:32.352Z", "dateReserved": "2024-02-20T12:30:33.317Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:30.995Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEF23E2F-2D7D-429D-9A9D-3C3037DDF337", "versionEndExcluding": "5.4.258", "versionStartIncluding": "5.4.251", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BF9EEBD-3033-41C3-9E3C-16AFB9AF75A7", "versionEndExcluding": "5.10.198", "versionStartIncluding": "5.10.188", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2FDE0B2-2B57-44AB-9D8B-CB4E865DEB90", "versionEndExcluding": "5.15.135", "versionStartIncluding": "5.15.121", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52806B93-9F14-4809-8A4B-10AC41AC10D1", "versionEndExcluding": "6.1.57", "versionStartIncluding": "6.1.39", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "237658B4-9F55-44A1-8440-9BFCDD0E6390", "versionEndExcluding": "6.5.7", "versionStartIncluding": "6.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: nfc: llcp: Agregar bloqueo al modificar la lista de dispositivos La lista de dispositivos necesita mantener su bloqueo asociado al modificarla, o la lista podr\u00eda corromperse, como descubri\u00f3 syzbot."}], "id": "CVE-2023-52524", "lastModified": "2025-01-13T20:00:51.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-02T22:15:48.263", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: nfc: llcp: Add lock when modifying device list", "id": "2267793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267793"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-414", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: nfc: llcp: Add lock when modifying device list\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered.", "A flaw was found in the net:nfc:llcp component in the Linux kernel that could allow for potential data corruption when the device list is accessed and modified, as there are no locks present to avoid concurrent modifications."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52524", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52524\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52524\nhttps://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52524-a5e0@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.", "threat_severity": "Moderate"}