CVE-2023-52664

net: atlantic: eliminate double free in error handling logic

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: atlantic: eliminate double free in error handling logic

Driver has a logic leak in ring data allocation/free,
where aq_ring_free could be called multiple times on same ring,
if system is under stress and got memory allocation error.

Ring pointer was used as an indicator of failure, but this is
not correct since only ring data is allocated/deallocated.
Ring itself is an array member.

Changing ring allocation functions to return error code directly.
This simplifies error handling and eliminates aq_ring_free
on higher layer.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: atlantic: elimina double free en la lógica de manejo de errores El controlador tiene una fuga lógica en la asignación de datos del anillo/free, donde se podría llamar a aq_ring_free varias veces en el mismo anillo, si el sistema está bajo estrés y obtuve un error de asignación de memoria. Se utilizó un puntero de anillo como indicador de error, pero esto no es correcto ya que solo se asignan/desasignan datos de anillo. El anillo en sí es un miembro de la matriz. Cambiar las funciones de asignación de anillos para devolver el código de error directamente. Esto simplifica el manejo de errores y elimina aq_ring_free en la capa superior.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-07 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d	2024-02-05
https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf	2024-02-05
https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d	2024-02-05
https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928	2023-12-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.77 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.77"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.16 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.7.4 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8"		en		Affected