CVE-2023-52524
Published: March 5, 2024Last modified: March 5, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.33-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391
- https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391
- https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b
- https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082
- https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb
- https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916