| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Fix UAF in bcm_proc_show()\n\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\n\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0xd5/0x150\n print_report+0xc1/0x5e0\n kasan_report+0xba/0xf0\n bcm_proc_show+0x969/0xa80\n seq_read_iter+0x4f6/0x1260\n seq_read+0x165/0x210\n proc_reg_read+0x227/0x300\n vfs_read+0x1d5/0x8d0\n ksys_read+0x11e/0x240\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAllocated by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x9e/0xa0\n bcm_sendmsg+0x264b/0x44e0\n sock_sendmsg+0xda/0x180\n ____sys_sendmsg+0x735/0x920\n ___sys_sendmsg+0x11d/0x1b0\n __sys_sendmsg+0xfa/0x1d0\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n ____kasan_slab_free+0x161/0x1c0\n slab_free_freelist_hook+0x119/0x220\n __kmem_cache_free+0xb4/0x2e0\n rcu_core+0x809/0x1bd0\n\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/can/bcm.c" |
| ], |
| "versions": [ |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "11b8e27ed448baa385d90154a141466bd5e92f18", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "cf254b4f68e480e73dab055014e002b77aed30ed", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "3c3941bb1eb53abe7d640ffee5c4d6b559829ab3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "995f47d76647708ec26c6e388663ad4f3f264787", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ffd980f976e7fd666c2e61bf8ab35107efd11828", |
| "lessThan": "55c3b96074f3f9b0aee19bf93cd71af7516582bb", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/can/bcm.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.25", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.25", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.14.322", |
| "lessThanOrEqual": "4.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.291", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.251", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.188", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.123", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.42", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.4.7", |
| "lessThanOrEqual": "6.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.5", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "4.14.322" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "4.19.291" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "5.4.251" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "5.10.188" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "5.15.123" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "6.1.42" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "6.4.7" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.25", |
| "versionEndExcluding": "6.5" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/11b8e27ed448baa385d90154a141466bd5e92f18" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/cf254b4f68e480e73dab055014e002b77aed30ed" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/3c3941bb1eb53abe7d640ffee5c4d6b559829ab3" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/995f47d76647708ec26c6e388663ad4f3f264787" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/55c3b96074f3f9b0aee19bf93cd71af7516582bb" |
| } |
| ], |
| "title": "can: bcm: Fix UAF in bcm_proc_show()", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2023-52922", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
