Vulnerability-Lookup

WID-SEC-W-2024-3565

Vulnerability from csaf_certbund - Published: 2024-11-28 23:00 - Updated: 2025-06-03 22:00

Summary

Linux Kernel: Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2023-52922

Affected products

Known affected 15 products

Product	Identifier	Version
Open Source Linux Kernel <4.19.291 Open Source / Linux Kernel		<4.19.291
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell NetWorker Dell	`cpe:/a:dell:networker:virtual`	—
Open Source Linux Kernel <4.14.322 Open Source / Linux Kernel		<4.14.322
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source Linux Kernel <6.4.7 Open Source / Linux Kernel		<6.4.7
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Open Source Linux Kernel <5.15.123 Open Source / Linux Kernel		<5.15.123
Open Source Linux Kernel <5.10.188 Open Source / Linux Kernel		<5.10.188
IBM QRadar SIEM <7.5.0 UP11 IF04 IBM / QRadar SIEM		<7.5.0 UP11 IF04
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Linux Kernel <6.1.42 Open Source / Linux Kernel		<6.1.42
Open Source Linux Kernel <6.5 Open Source / Linux Kernel		<6.5
Red Hat OpenShift Container Platform <4.14.49 Red Hat / OpenShift		Container Platform <4.14.49
Open Source Linux Kernel <5.4.251 Open Source / Linux Kernel		<5.4.251

References

53 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lore.kernel.org/linux-cve-announce/202411…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2025:2488	external
https://access.redhat.com/errata/RHSA-2025:2489	external
https://access.redhat.com/errata/RHSA-2025:2490	external
https://access.redhat.com/errata/RHSA-2025:2528	external
https://access.redhat.com/errata/RHSA-2025:2514	external
https://access.redhat.com/errata/RHSA-2025:2517	external
https://access.redhat.com/errata/RHSA-2025:2525	external
https://access.redhat.com/errata/RHSA-2025:2524	external
https://access.redhat.com/errata/RHSA-2025:2501	external
https://access.redhat.com/errata/RHSA-2025:2510	external
https://access.redhat.com/errata/RHSA-2025:2512	external
https://access.redhat.com/errata/RHSA-2025:2627	external
https://access.redhat.com/errata/RHSA-2025:2646	external
https://linux.oracle.com/errata/ELSA-2025-2627.html	external
https://access.redhat.com/errata/RHSA-2025:2705	external
https://access.redhat.com/errata/RHSA-2025:3027	external
https://access.redhat.com/errata/RHSA-2025:3025	external
https://access.redhat.com/errata/RHSA-2025:3026	external
https://access.redhat.com/errata/RHSA-2025:3048	external
https://access.redhat.com/errata/RHSA-2025:3049	external
https://access.redhat.com/errata/RHSA-2025:2696	external
https://access.redhat.com/errata/RHSA-2025:3024	external
https://access.redhat.com/errata/RHSA-2025:2710	external
https://linux.oracle.com/errata/ELSA-2025-3026.html	external
https://access.redhat.com/errata/RHSA-2025:3096	external
https://access.redhat.com/errata/RHSA-2025:3093	external
https://access.redhat.com/errata/RHSA-2025:3094	external
https://access.redhat.com/errata/RHSA-2025:3095	external
https://access.redhat.com/errata/RHSA-2025:3097	external
https://access.redhat.com/errata/RHSA-2025:3112	external
https://access.redhat.com/errata/RHSA-2025:3055	external
https://linux.oracle.com/errata/ELSA-2025-2501.html	external
https://www.ibm.com/support/pages/node/7231915	external
https://www.dell.com/support/kbdoc/de-de/00032629…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3565 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3565.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3565 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3565"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-52922 vom 2024-11-28",
        "url": "https://lore.kernel.org/linux-cve-announce/2024112856-CVE-2023-52922-39e1@gregkh/T/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4316-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S4I5Z6ALCJLHTP25U3HMJHEXN4DR2USM/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4318-1 vom 2024-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4315-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LQPWDP54GSTHYCV4CTCOE67D2ANVPPUW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4314-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SARXL66CQHD5VSFG5PUBNBVBPVFUN4KT/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4346-1 vom 2024-12-17",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2FJJW5HEWYSYWAJBRWARBIZ4AQHAXLNG/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4345-1 vom 2024-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020018.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4364-1 vom 2024-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WFOJHFFEHK42VPQ6XLZWB77H5OEJ3FF4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WFOJHFFEHK42VPQ6XLZWB77H5OEJ3FF4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020028.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4387-1 vom 2024-12-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020032.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0236-1 vom 2025-01-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020196.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2488 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2488"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2489 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2489"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2490 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2490"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2528 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2528"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2514 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2514"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2517 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2517"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2525 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2525"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2524 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2524"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2501 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2501"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2510 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2510"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2512 vom 2025-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:2512"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2627 vom 2025-03-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:2627"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2646 vom 2025-03-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:2646"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-2627 vom 2025-03-12",
        "url": "https://linux.oracle.com/errata/ELSA-2025-2627.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2705 vom 2025-03-18",
        "url": "https://access.redhat.com/errata/RHSA-2025:2705"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3027 vom 2025-03-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:3027"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3025 vom 2025-03-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:3025"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3026 vom 2025-03-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:3026"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3048 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:3048"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3049 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:3049"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2696 vom 2025-03-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:2696"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3024 vom 2025-03-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:3024"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2710 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:2710"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-3026 vom 2025-03-19",
        "url": "https://linux.oracle.com/errata/ELSA-2025-3026.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3096 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:3096"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3093 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:3093"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3094 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:3094"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3095 vom 2025-03-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:3095"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3097 vom 2025-03-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:3097"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3112 vom 2025-03-24",
        "url": "https://access.redhat.com/errata/RHSA-2025:3112"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3055 vom 2025-03-26",
        "url": "https://access.redhat.com/errata/RHSA-2025:3055"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-2501 vom 2025-03-31",
        "url": "https://linux.oracle.com/errata/ELSA-2025-2501.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7231915 vom 2025-04-26",
        "url": "https://www.ibm.com/support/pages/node/7231915"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
        "url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20247-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021076.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20246-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021078.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20164-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021175.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20163-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021187.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-06-03T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-04T11:53:17.871+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-3565",
      "initial_release_date": "2024-11-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-15T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-17T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-26T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-03-09T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-10T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-03-17T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-18T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-19T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2025-03-20T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-24T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-26T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-30T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-04-27T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-29T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-06-03T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "19"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Avamar",
            "product": {
              "name": "Dell Avamar",
              "product_id": "T039664",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:avamar:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell NetWorker",
            "product": {
              "name": "Dell NetWorker",
              "product_id": "T034583",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:virtual"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP11 IF04",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF04",
                  "product_id": "T043169"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP11 IF04",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP11 IF04",
                  "product_id": "T043169-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if04"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.4.7",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.4.7",
                  "product_id": "1485600"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.7",
                "product": {
                  "name": "Open Source Linux Kernel 6.4.7",
                  "product_id": "1485600-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.4.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.14.322",
                "product": {
                  "name": "Open Source Linux Kernel \u003c4.14.322",
                  "product_id": "1524986"
                }
              },
              {
                "category": "product_version",
                "name": "4.14.322",
                "product": {
                  "name": "Open Source Linux Kernel 4.14.322",
                  "product_id": "1524986-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:4.14.322"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.10.188",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.10.188",
                  "product_id": "1549683"
                }
              },
              {
                "category": "product_version",
                "name": "5.10.188",
                "product": {
                  "name": "Open Source Linux Kernel 5.10.188",
                  "product_id": "1549683-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.10.188"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.15.123",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.15.123",
                  "product_id": "1549708"
                }
              },
              {
                "category": "product_version",
                "name": "5.15.123",
                "product": {
                  "name": "Open Source Linux Kernel 5.15.123",
                  "product_id": "1549708-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.15.123"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.42",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.1.42",
                  "product_id": "1549732"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.42",
                "product": {
                  "name": "Open Source Linux Kernel 6.1.42",
                  "product_id": "1549732-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.1.42"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.4.251",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.4.251",
                  "product_id": "1587034"
                }
              },
              {
                "category": "product_version",
                "name": "5.4.251",
                "product": {
                  "name": "Open Source Linux Kernel 5.4.251",
                  "product_id": "1587034-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.4.251"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.19.291",
                "product": {
                  "name": "Open Source Linux Kernel \u003c4.19.291",
                  "product_id": "1587058"
                }
              },
              {
                "category": "product_version",
                "name": "4.19.291",
                "product": {
                  "name": "Open Source Linux Kernel 4.19.291",
                  "product_id": "1587058-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:4.19.291"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=2.6.25",
                "product": {
                  "name": "Open Source Linux Kernel \u003e=2.6.25",
                  "product_id": "980447"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=2.6.25",
                "product": {
                  "name": "Open Source Linux Kernel \u003e=2.6.25",
                  "product_id": "980447-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.5",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.5",
                  "product_id": "T032957"
                }
              },
              {
                "category": "product_version",
                "name": "6.5",
                "product": {
                  "name": "Open Source Linux Kernel 6.5",
                  "product_id": "T032957-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.14.49",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.14.49",
                  "product_id": "T042010"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.14.49",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.14.49",
                  "product_id": "T042010-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.49"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52922",
      "product_status": {
        "known_affected": [
          "1587058",
          "67646",
          "T034583",
          "1524986",
          "T004914",
          "1485600",
          "T039664",
          "1549708",
          "1549683",
          "T043169",
          "T002207",
          "1549732",
          "T032957",
          "T042010",
          "1587034"
        ]
      },
      "release_date": "2024-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-52922"
    }
  ]
}

CVE-2023-52922 (GCVE-0-2023-52922)

Vulnerability from cvelistv5 – Published: 2024-11-28 15:09 – Updated: 2026-05-11 19:35

Title

can: bcm: Fix UAF in bcm_proc_show()

Summary

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/11b8e27ed448baa38…
https://git.kernel.org/stable/c/9b58d36d0c1ea29a9…
https://git.kernel.org/stable/c/9533dbfac0ff7edd7…
https://git.kernel.org/stable/c/cf254b4f68e480e73…
https://git.kernel.org/stable/c/3c3941bb1eb53abe7…
https://git.kernel.org/stable/c/995f47d76647708ec…
https://git.kernel.org/stable/c/dfd0aa26e9a07f2ce…
https://git.kernel.org/stable/c/55c3b96074f3f9b0a…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 11b8e27ed448baa385d90154a141466bd5e92f18 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < cf254b4f68e480e73dab055014e002b77aed30ed (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 3c3941bb1eb53abe7d640ffee5c4d6b559829ab3 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 995f47d76647708ec26c6e388663ad4f3f264787 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 55c3b96074f3f9b0aee19bf93cd71af7516582bb (git)
Linux	Linux	Affected: 2.6.25 Unaffected: 0 , < 2.6.25 (semver) Unaffected: 4.14.322 , ≤ 4.14.* (semver) Unaffected: 4.19.291 , ≤ 4.19.* (semver) Unaffected: 5.4.251 , ≤ 5.4.* (semver) Unaffected: 5.10.188 , ≤ 5.10.* (semver) Unaffected: 5.15.123 , ≤ 5.15.* (semver) Unaffected: 6.1.42 , ≤ 6.1.* (semver) Unaffected: 6.4.7 , ≤ 6.4.* (semver) Unaffected: 6.5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T14:25:19.812424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T14:58:31.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-06-13T20:05:35.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://allelesecurity.com/use-after-free-vulnerability-in-can-bcm-subsystem-leading-to-information-disclosure-cve-2023-52922/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/can/bcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "11b8e27ed448baa385d90154a141466bd5e92f18",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            },
            {
              "lessThan": "9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            },
            {
              "lessThan": "9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            },
            {
              "lessThan": "cf254b4f68e480e73dab055014e002b77aed30ed",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            },
            {
              "lessThan": "3c3941bb1eb53abe7d640ffee5c4d6b559829ab3",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            },
            {
              "lessThan": "995f47d76647708ec26c6e388663ad4f3f264787",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            },
            {
              "lessThan": "dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            },
            {
              "lessThan": "55c3b96074f3f9b0aee19bf93cd71af7516582bb",
              "status": "affected",
              "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/can/bcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.123",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.322",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.291",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.123",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.42",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.7",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Fix UAF in bcm_proc_show()\n\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\n\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xd5/0x150\n print_report+0xc1/0x5e0\n kasan_report+0xba/0xf0\n bcm_proc_show+0x969/0xa80\n seq_read_iter+0x4f6/0x1260\n seq_read+0x165/0x210\n proc_reg_read+0x227/0x300\n vfs_read+0x1d5/0x8d0\n ksys_read+0x11e/0x240\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAllocated by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x9e/0xa0\n bcm_sendmsg+0x264b/0x44e0\n sock_sendmsg+0xda/0x180\n ____sys_sendmsg+0x735/0x920\n ___sys_sendmsg+0x11d/0x1b0\n __sys_sendmsg+0xfa/0x1d0\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n ____kasan_slab_free+0x161/0x1c0\n slab_free_freelist_hook+0x119/0x220\n __kmem_cache_free+0xb4/0x2e0\n rcu_core+0x809/0x1bd0\n\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:35:40.844Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/11b8e27ed448baa385d90154a141466bd5e92f18"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf254b4f68e480e73dab055014e002b77aed30ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c3941bb1eb53abe7d640ffee5c4d6b559829ab3"
        },
        {
          "url": "https://git.kernel.org/stable/c/995f47d76647708ec26c6e388663ad4f3f264787"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/55c3b96074f3f9b0aee19bf93cd71af7516582bb"
        }
      ],
      "title": "can: bcm: Fix UAF in bcm_proc_show()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52922",
    "datePublished": "2024-11-28T15:09:51.360Z",
    "dateReserved": "2024-08-21T06:07:11.018Z",
    "dateUpdated": "2026-05-11T19:35:40.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-3565

CVE-2023-52922 (GCVE-0-2023-52922)

Tags

Sightings

Nomenclature