CVE-2023-52522

Advisory lineage Upstream: 0 Downstream: 15

Downstream

DEBIAN-CVE-2023-52522 RHSA-2024:2394 RHSA-2024:6993 RHSA-2024:6998 RHSA-2024:7000 RHSA-2024:7001

Analyzed

Published: 02 Mar 2024, 21:52

Last modified:11 May 2026, 19:28

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Mar 2024, 21:52

Published

Vulnerability first disclosed

11 May 2026, 19:28

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleting an RCU protected item from a list. Readers use rcu_deference(*np), we need to use either rcu_assign_pointer() or WRITE_ONCE() on writer side to prevent store tearing. I use rcu_assign_pointer() to have lockdep support, this was the choice made in neigh_flush_dev().

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Affected Systems

linux•linux
≥ 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, < 95eabb075a5902f4c0834ab1fb12dc35730c05af | ≥ 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, < 2ea52a2fb8e87067e26bbab4efb8872639240eb0 | ≥ 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, < 147d89ee41434b97043c2dcb17a97dc151859baa | ≥ 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, < f82aac8162871e87027692b36af335a2375d4580 | ≥ 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, < a75152d233370362eebedb2643592e7c883cc9fc | ≥ 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, < 25563b581ba3a1f263a00e8c9a97f5e7363be6fd | 2.6.37
linux•linux_kernel
≥ 2.6.37, < 5.4.258 | ≥ 5.5, < 5.10.198 | ≥ 5.11, < 5.15.135 | ≥ 5.16, < 6.1.57 | ≥ 6.2, < 6.5.7 | 6.6:rc1 | 6.6:rc2 | 6.6:rc3 | 6.6:rc4