Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2023-52577
HistoryMar 02, 2024 - 10:15 p.m.

CVE-2023-52577

2024-03-0222:15:49
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
61
linux kernel
vulnerability
dccp
fix
security
kernel
cve-2023-52577

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:

dccp: fix dccp_v4_err()/dccp_v6_err() again

dh->dccph_x is the 9th byte (offset 8) in “struct dccp_hdr”,
not in the “byte 7” as Jann claimed.

We need to make sure the ICMP messages are big enough,
using more standard ways (no more assumptions).

syzbot reported:
BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]
BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline]
BUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94
pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]
pskb_may_pull include/linux/skbuff.h:2681 [inline]
dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94
icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867
icmpv6_rcv+0x19d5/0x30d0
ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438
ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
NF_HOOK include/linux/netfilter.h:304 [inline]
ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
dst_input include/net/dst.h:468 [inline]
ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:304 [inline]
ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5523 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637
netif_receive_skb_internal net/core/dev.c:5723 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5782
tun_rx_batched+0x83b/0x920
tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:1985 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x8ef/0x15c0 fs/read_write.c:584
ksys_write+0x20f/0x4c0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559
__alloc_skb+0x318/0x740 net/core/skbuff.c:650
alloc_skb include/linux/skbuff.h:1286 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795
tun_alloc_skb drivers/net/tun.c:1531 [inline]
tun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:1985 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x8ef/0x15c0 fs/read_write.c:584
ksys_write+0x20f/0x4c0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023

Affected configurations

Vulners
Node
linuxlinux_kernelRange4.14.3264.14.327
OR
linuxlinux_kernelRange4.19.2954.19.296
OR
linuxlinux_kernelRange5.4.2575.4.258
OR
linuxlinux_kernelRange5.10.1955.10.198
OR
linuxlinux_kernelRange5.15.1325.15.134
OR
linuxlinux_kernelRange6.1.536.1.56
OR
linuxlinux_kernelRange6.5.36.5.6
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/dccp/ipv4.c",
      "net/dccp/ipv6.c"
    ],
    "versions": [
      {
        "version": "3533e1027255",
        "lessThan": "4600beae416d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "177212bf6dc1",
        "lessThan": "62c218124fe5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7a7dd70cb954",
        "lessThan": "a6f4d582e25d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4b8a938e329a",
        "lessThan": "60d73c62e3e4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6ecf09699eb1",
        "lessThan": "26df9ab5de30",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f8a7f10a1dcc",
        "lessThan": "73be49248a04",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ec620c34f5fa",
        "lessThan": "1512d8f45d3c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "977ad86c2a1b",
        "lessThan": "6af289746a63",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/dccp/ipv4.c",
      "net/dccp/ipv6.c"
    ],
    "versions": [
      {
        "version": "4.14.326",
        "lessThan": "4.14.327",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.19.295",
        "lessThan": "4.19.296",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.4.257",
        "lessThan": "5.4.258",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.10.195",
        "lessThan": "5.10.198",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.15.132",
        "lessThan": "5.15.134",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "6.1.53",
        "lessThan": "6.1.56",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "6.5.3",
        "lessThan": "6.5.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
debiancve 1
redhatcve 1
nvd 1
vulnrichment 1
ubuntucve 1
cvelist 1
nessus 2
prion
prion
Spoofing
2024-03-02 22:15:00
debiancve
debiancve
CVE-2023-52577
2024-03-02 22:15:49
redhatcve
redhatcve
CVE-2023-52577
2024-03-04 18:20:07
nvd
nvd
CVE-2023-52577
2024-03-02 22:15:49
vulnrichment
vulnrichment
CVE-2023-52577 dccp: fix dccp_v4_err()/dccp_v6_err() again
2024-03-02 21:59:45
ubuntucve
ubuntucve
CVE-2023-52577
2024-03-02 00:00:00
cvelist
cvelist
CVE-2023-52577 dccp: fix dccp_v4_err()/dccp_v6_err() again
2024-03-02 21:59:45
nessus
nessus
RHEL 6 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

JSON
Related for CVE-2023-52577
prion1debiancve1redhatcve1nvd1vulnrichment1ubuntucve1cvelist1nessus2