CVE-2023-52653

SUNRPC: fix a memleak in gss_import_v2_context

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: fix a memleak in gss_import_v2_context

The ctx->mech_used.data allocated by kmemdup is not freed in neither
gss_import_v2_context nor it only caller gss_krb5_import_sec_context,
which frees ctx on error.

Thus, this patch reform the last call of gss_import_v2_context to the
gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
formation.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: SUNRPC: corrige una fuga de memport en gss_import_v2_context El ctx->mech_used.data asignado por kmemdup no se libera ni en gss_import_v2_context ni solo en el llamador gss_krb5_import_sec_context, lo que libera a ctx en caso de error. Por lo tanto, este parche reforma la última llamada de gss_import_v2_context a gss_krb5_import_ctx_v2, evitando la fuga de memoria y manteniendo la formación de retorno.

*Credits: N/A

CVSS Scores

CISAv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-05-01 CVE Published
2024-05-02 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/47d84807762966c3611c38adecec6ea703ddda7a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c	2024-03-26
https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4	2024-03-26
https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822	2024-03-26
https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa	2024-03-01

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52653	2024-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=2278515	2024-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.35 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.6.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.35 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.7.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.35 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.8.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.35 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.9"		en		Affected