CVE-2023-52583

ceph: fix deadlock or deadcode of misusing dget()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should
always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always
be set from the callers, let's just remove it.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ceph: corrige el punto muerto o el código muerto por uso incorrecto de dget() El orden de bloqueo es incorrecto entre denty y su padre, siempre debemos asegurarnos de que el padre obtenga el bloqueo primero. Pero dado que este código muerto nunca se usa y el directorio principal siempre será configurado por quienes llaman, simplemente eliminémoslo.

In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always be set from the callers, let's just remove it.

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-02 CVE Reserved
2024-03-06 CVE Published
2025-02-26 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6	2024-02-23
https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980	2024-02-23
https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3	2024-02-23
https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca	2024-02-23
https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e	2024-02-05
https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160	2024-02-05
https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67	2024-02-05
https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085	2024-01-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 4.19.307"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 5.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 6.1.77 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 6.1.77"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 6.6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 6.6.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 6.7.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 6.7.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.34 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 6.8"		en		Affected