CVE-2023-52502

net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()

Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.

Getting a reference on the socket found in a lookup while
holding a lock should happen before releasing the lock.

nfc_llcp_sock_get_sn() has a similar problem.

Finally nfc_llcp_recv_snl() needs to make sure the socket
found by nfc_llcp_sock_from_sn() does not disappear.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-03-02 CVE Published
2024-03-03 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/8f50020ed9b81ba909ce9573f9d05263cdebf502	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a	2023-10-25
https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d	2023-10-25
https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9	2023-10-25
https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8	2023-10-19
https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc	2023-10-19
https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c	2023-10-19
https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93	2023-10-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 4.19.297 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.19.297"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 5.4.259 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.4.259"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 5.10.199 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.10.199"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 5.15.136 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 5.15.136"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 6.1.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 6.1.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 6.5.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 6.5.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.6 < 6.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 6.6"		en		Affected