CVE-2023-52524

Description

In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

• CWE-667•Improper Locking

  The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Affected Systems

• linux•linux

  ≥ dd6ff3f3862709ab1a12566e73b9d6a9b8f6e548, < 191d87a19cf1005ecf41e1ae08d74e17379e8391 | ≥ 96f2c6f272ec04083d828de46285a7d7b17d1aad, < dba849cc98113b145c6e720122942c00b8012bdb | ≥ fc8429f8d86801f092fbfbd257c3af821ac0dcd3, < 4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b | ≥ 425d9d3a92df7d96b3cfb7ee5c240293a21cbde3, < 7562780e32b84196731d57dd24563546fcf6d082 | ≥ 6709d4b7bc2e079241fdef15d1160581c5261c10, < 29c16c2bf5866326d5fbc4a537b3997fcac23391 | ≥ 6709d4b7bc2e079241fdef15d1160581c5261c10, < dfc7f7a988dad34c3bf4c053124fb26aa6c5f916 | b3ad46e155a6d91b36c6e892019a43e3ef3c696d | e5207c1d69b1a9707615ab6ff9376e59fc096815 | ≥ 5.4.251, < 5.4.258 | ≥ 5.10.188, < 5.10.198 | ≥ 5.15.121, < 5.15.135 | ≥ 6.1.39, < 6.1.57 | ≥ 6.3.13, < 6.4 | ≥ 6.4.4, < 6.5 | 6.5

• linux•linux_kernel

  ≥ 5.4.251, < 5.4.258 | ≥ 5.10.188, < 5.10.198 | ≥ 5.15.121, < 5.15.135 | ≥ 6.1.39, < 6.1.57 | ≥ 6.5, < 6.5.7 | 6.6:rc1 | 6.6:rc2 | 6.6:rc3 | 6.6:rc4

References (6)

• https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391
• https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb
• https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b
• https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082
• https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391
• https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916