Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-52522
HistoryMar 02, 2024 - 10:15 p.m.

Spoofing

2024-03-0222:15:00
PRIOn knowledge base
www.prio-n.com
6
linux
kernel
vulnerability
resolved
net
code
fix
store tearing
neighbor periodic work
rcu_deference
rcu_assign_pointer
write_once
lockdep support

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

In the Linux kernel, the following vulnerability has been resolved:

net: fix possible store tearing in neigh_periodic_work()

While looking at a related syzbot report involving neigh_periodic_work(),
I found that I forgot to add an annotation when deleting an
RCU protected item from a list.

Readers use rcu_deference(*np), we need to use either
rcu_assign_pointer() or WRITE_ONCE() on writer side
to prevent store tearing.

I use rcu_assign_pointer() to have lockdep support,
this was the choice made in neigh_flush_dev().

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%