CVE-2023-52522

net: fix possible store tearing in neigh_periodic_work()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

NVD
RedHat

In the Linux kernel, the following vulnerability has been resolved:

net: fix possible store tearing in neigh_periodic_work()

While looking at a related syzbot report involving neigh_periodic_work(),
I found that I forgot to add an annotation when deleting an
RCU protected item from a list.

Readers use rcu_deference(*np), we need to use either
rcu_assign_pointer() or WRITE_ONCE() on writer side
to prevent store tearing.

I use rcu_assign_pointer() to have lockdep support,
this was the choice made in neigh_flush_dev().

A flaw was found in the Linux kernel that allows for potential store tearing within the neigh_periodic_work() function, meaning a write operation on a value is not protected properly and could result in inconsistencies if another process or thread reads from that value before the operation is complete.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-03-02 CVE Published
2024-03-03 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/767e97e1e0db0d0f3152cd2f3bd3403596aedbad	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af	2023-10-10
https://git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0	2023-10-10
https://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa	2023-10-10
https://git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580	2023-10-10
https://git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc	2023-10-10
https://git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd	2023-10-01

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52522	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2267795	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.4.258 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.4.258"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.10.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.10.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.15.135 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.15.135"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 6.1.57 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 6.1.57"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 6.5.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 6.5.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 6.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 6.6"		en		Affected