| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2023-52524: net: nfc: llcp: Add lock when modifying device list |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| net: nfc: llcp: Add lock when modifying device list |
| |
| The device list needs its associated lock held when modifying it, or the |
| list could become corrupted, as syzbot discovered. |
| |
| The Linux kernel CVE team has assigned CVE-2023-52524 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 5.4.251 with commit dd6ff3f3862709ab1a12566e73b9d6a9b8f6e548 and fixed in 5.4.258 with commit 191d87a19cf1005ecf41e1ae08d74e17379e8391 |
| Issue introduced in 5.10.188 with commit 96f2c6f272ec04083d828de46285a7d7b17d1aad and fixed in 5.10.198 with commit dba849cc98113b145c6e720122942c00b8012bdb |
| Issue introduced in 5.15.121 with commit fc8429f8d86801f092fbfbd257c3af821ac0dcd3 and fixed in 5.15.135 with commit 4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b |
| Issue introduced in 6.1.39 with commit 425d9d3a92df7d96b3cfb7ee5c240293a21cbde3 and fixed in 6.1.57 with commit 7562780e32b84196731d57dd24563546fcf6d082 |
| Issue introduced in 6.5 with commit 6709d4b7bc2e079241fdef15d1160581c5261c10 and fixed in 6.5.7 with commit 29c16c2bf5866326d5fbc4a537b3997fcac23391 |
| Issue introduced in 6.5 with commit 6709d4b7bc2e079241fdef15d1160581c5261c10 and fixed in 6.6 with commit dfc7f7a988dad34c3bf4c053124fb26aa6c5f916 |
| Issue introduced in 6.3.13 with commit b3ad46e155a6d91b36c6e892019a43e3ef3c696d |
| Issue introduced in 6.4.4 with commit e5207c1d69b1a9707615ab6ff9376e59fc096815 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2023-52524 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| net/nfc/llcp_core.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391 |
| https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb |
| https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b |
| https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082 |
| https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391 |
| https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916 |
