[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-52885":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":84,"related":85,"reserved_at":9,"published_at":105,"modified_at":106,"state":107,"summary":108,"references_raw":117,"kevs":152,"epss":153,"epss_history":156,"metrics":423,"affected":429},"CVE-2023-52885","In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n  Read of size 8 at addr ffff888139d96228 by task nc/102553\n  CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n  Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n  Call Trace:\n   \u003CIRQ>\n   dump_stack_lvl+0x33/0x50\n   print_address_description.constprop.0+0x27/0x310\n   print_report+0x3e/0x70\n   kasan_report+0xae/0xe0\n   svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n   tcp_data_queue+0x9f4/0x20e0\n   tcp_rcv_established+0x666/0x1f60\n   tcp_v4_do_rcv+0x51c/0x850\n   tcp_v4_rcv+0x23fc/0x2e80\n   ip_protocol_deliver_rcu+0x62/0x300\n   ip_local_deliver_finish+0x267/0x350\n   ip_local_deliver+0x18b/0x2d0\n   ip_rcv+0x2fb/0x370\n   __netif_receive_skb_one_core+0x166/0x1b0\n   process_backlog+0x24c/0x5e0\n   __napi_poll+0xa2/0x500\n   net_rx_action+0x854/0xc90\n   __do_softirq+0x1bb/0x5de\n   do_softirq+0xcb/0x100\n   \u003C/IRQ>\n   \u003CTASK>\n   ...\n   \u003C/TASK>\n\n  Allocated by task 102371:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_kmalloc+0x7b/0x90\n   svc_setup_socket+0x52/0x4f0 [sunrpc]\n   svc_addsock+0x20d/0x400 [sunrpc]\n   __write_ports_addfd+0x209/0x390 [nfsd]\n   write_ports+0x239/0x2c0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n  Freed by task 102551:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x50\n   __kasan_slab_free+0x106/0x190\n   __kmem_cache_free+0x133/0x270\n   svc_xprt_free+0x1e2/0x350 [sunrpc]\n   svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n   nfsd_put+0x125/0x240 [nfsd]\n   nfsd_svc+0x2cb/0x3c0 [nfsd]\n   write_threads+0x1ac/0x2a0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":25},"SUSE-SU-2024:2948-1",{"_key":27},"SUSE-SU-2024:2894-1",{"_key":29},"SUSE-SU-2024:2892-1",{"_key":31},"SUSE-SU-2024:2893-1",{"_key":33},"SUSE-SU-2024:2901-1",{"_key":35},"SUSE-SU-2024:2902-1",{"_key":37},"SUSE-SU-2024:2923-1",{"_key":39},"SUSE-SU-2024:2929-1",{"_key":41},"SUSE-SU-2024:2940-1",{"_key":43},"SUSE-SU-2025:1422-1",{"_key":45},"SUSE-SU-2025:1423-1",{"_key":47},"SUSE-SU-2025:1448-1",{"_key":49},"SUSE-SU-2024:2939-1",{"_key":51},"SUSE-SU-2024:2947-1",{"_key":53},"SUSE-SU-2024:3194-1",{"_key":55},"SUSE-SU-2024:3195-1",{"_key":57},"SUSE-SU-2024:3383-1",{"_key":59},"SUSE-SU-2025:20044-1",{"_key":61},"SUSE-SU-2025:20047-1",{"_key":63},"DEBIAN-CVE-2023-52885",{"_key":65},"RHSA-2024:5281",{"_key":67},"RHSA-2024:5066",{"_key":69},"RHSA-2024:5067",{"_key":71},"UBUNTU-CVE-2023-52885",{"_key":73},"USN-7685-1",{"_key":75},"USN-7685-2",{"_key":77},"USN-7685-3",{"_key":79},"USN-7685-4",{"_key":81},"USN-7685-5",{"_key":83},"LSN-0114-1",[],[86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},"2024-07-14T07:11:28.548Z","2026-05-11T19:34:54.708Z","Modified",{"cisa_kev":109,"cisa_ransomware":109,"cisa_vendor":9,"epss_severity":110,"epss_score":111,"severity":112,"severity_score":113,"severity_version":114,"severity_source":115,"severity_vector":116,"severity_status":107},false,"low",0.00022,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[118,124,128,132,136,140,144,148],{"url":119,"sources":120,"tags":122},"https://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428",[121,115],"cve.org",[123],"Patch",{"url":125,"sources":126,"tags":127},"https://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254",[121,115],[123],{"url":129,"sources":130,"tags":131},"https://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b",[121,115],[123],{"url":133,"sources":134,"tags":135},"https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065",[121,115],[123],{"url":137,"sources":138,"tags":139},"https://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee",[121,115],[123],{"url":141,"sources":142,"tags":143},"https://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e",[121,115],[123],{"url":145,"sources":146,"tags":147},"https://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f",[121,115],[123],{"url":149,"sources":150,"tags":151},"https://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287",[121,115],[123],[],{"date":154,"score":111,"percentile":155},"2026-06-03",0.06534,[157,160,163,166,169,172,175,178,181,184,187,190,193,196,199,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,286,289,292,295,298,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,356,359,361,364,367,370,372,375,378,381,384,387,390,393,396,399,402,405,408,411,414,417,420],{"date":158,"score":111,"percentile":159},"2025-11-04",0.04562,{"date":161,"score":111,"percentile":162},"2025-11-05",0.04569,{"date":164,"score":111,"percentile":165},"2025-11-06",0.04683,{"date":167,"score":111,"percentile":168},"2025-11-07",0.04695,{"date":170,"score":111,"percentile":171},"2025-11-08",0.0469,{"date":173,"score":111,"percentile":174},"2025-11-09",0.04693,{"date":176,"score":111,"percentile":177},"2025-11-10",0.04678,{"date":179,"score":111,"percentile":180},"2025-11-11",0.04713,{"date":182,"score":111,"percentile":183},"2025-11-12",0.04733,{"date":185,"score":111,"percentile":186},"2025-11-13",0.04765,{"date":188,"score":111,"percentile":189},"2025-11-14",0.04794,{"date":191,"score":111,"percentile":192},"2025-11-15",0.04835,{"date":194,"score":111,"percentile":195},"2025-11-16",0.04849,{"date":197,"score":111,"percentile":198},"2025-11-17",0.04838,{"date":200,"score":201,"percentile":202},"2025-11-18",0.00092,0.22324,{"date":204,"score":201,"percentile":205},"2025-11-19",0.22334,{"date":207,"score":201,"percentile":208},"2025-11-20",0.22341,{"date":210,"score":111,"percentile":211},"2025-11-21",0.04869,{"date":213,"score":111,"percentile":214},"2025-11-22",0.04879,{"date":216,"score":111,"percentile":217},"2025-11-23",0.04871,{"date":219,"score":111,"percentile":220},"2025-11-24",0.0485,{"date":222,"score":111,"percentile":223},"2025-11-25",0.04861,{"date":225,"score":111,"percentile":226},"2025-11-26",0.04897,{"date":228,"score":111,"percentile":229},"2025-11-27",0.04915,{"date":231,"score":111,"percentile":232},"2025-11-28",0.04901,{"date":234,"score":111,"percentile":235},"2025-11-29",0.04958,{"date":237,"score":111,"percentile":238},"2025-11-30",0.04954,{"date":240,"score":111,"percentile":241},"2025-12-01",0.05047,{"date":243,"score":111,"percentile":244},"2025-12-02",0.05062,{"date":246,"score":111,"percentile":247},"2025-12-03",0.05088,{"date":249,"score":111,"percentile":250},"2025-12-04",0.05035,{"date":252,"score":111,"percentile":253},"2025-12-05",0.05098,{"date":255,"score":111,"percentile":256},"2025-12-06",0.05112,{"date":258,"score":111,"percentile":259},"2025-12-07",0.05113,{"date":261,"score":111,"percentile":262},"2025-12-08",0.05116,{"date":264,"score":111,"percentile":265},"2025-12-09",0.05159,{"date":267,"score":111,"percentile":268},"2025-12-10",0.05221,{"date":270,"score":111,"percentile":271},"2025-12-11",0.05214,{"date":273,"score":111,"percentile":274},"2025-12-12",0.05239,{"date":276,"score":111,"percentile":277},"2025-12-13",0.05285,{"date":279,"score":111,"percentile":280},"2025-12-14",0.05272,{"date":282,"score":111,"percentile":283},"2025-12-15",0.05246,{"date":285,"score":111,"percentile":283},"2025-12-16",{"date":287,"score":111,"percentile":288},"2025-12-17",0.05309,{"date":290,"score":111,"percentile":291},"2025-12-18",0.05343,{"date":293,"score":111,"percentile":294},"2025-12-19",0.05328,{"date":296,"score":111,"percentile":297},"2025-12-20",0.0533,{"date":299,"score":111,"percentile":297},"2025-12-21",{"date":301,"score":111,"percentile":302},"2025-12-22",0.0527,{"date":304,"score":111,"percentile":305},"2025-12-23",0.0528,{"date":307,"score":111,"percentile":308},"2025-12-24",0.05317,{"date":310,"score":111,"percentile":311},"2025-12-25",0.0535,{"date":313,"score":111,"percentile":314},"2025-12-26",0.05355,{"date":316,"score":111,"percentile":317},"2025-12-27",0.05353,{"date":319,"score":111,"percentile":320},"2025-12-28",0.05346,{"date":322,"score":111,"percentile":323},"2025-12-29",0.0534,{"date":325,"score":111,"percentile":326},"2025-12-30",0.053,{"date":328,"score":111,"percentile":329},"2025-12-31",0.05332,{"date":331,"score":111,"percentile":332},"2026-01-01",0.05413,{"date":334,"score":111,"percentile":335},"2026-01-02",0.05408,{"date":337,"score":111,"percentile":338},"2026-01-03",0.05371,{"date":340,"score":111,"percentile":341},"2026-01-04",0.05268,{"date":343,"score":111,"percentile":344},"2026-01-05",0.05216,{"date":346,"score":111,"percentile":347},"2026-01-06",0.05213,{"date":349,"score":111,"percentile":350},"2026-01-07",0.05233,{"date":352,"score":111,"percentile":353},"2026-01-08",0.05286,{"date":355,"score":111,"percentile":353},"2026-01-09",{"date":357,"score":111,"percentile":358},"2026-01-10",0.05291,{"date":360,"score":111,"percentile":302},"2026-01-11",{"date":362,"score":111,"percentile":363},"2026-01-12",0.05274,{"date":365,"score":111,"percentile":366},"2026-01-13",0.05263,{"date":368,"score":111,"percentile":369},"2026-01-14",0.05308,{"date":371,"score":111,"percentile":280},"2026-01-15",{"date":373,"score":111,"percentile":374},"2026-01-16",0.05262,{"date":376,"score":111,"percentile":377},"2026-01-17",0.05257,{"date":379,"score":111,"percentile":380},"2026-01-18",0.05234,{"date":382,"score":111,"percentile":383},"2026-01-19",0.05189,{"date":385,"score":111,"percentile":386},"2026-01-20",0.05151,{"date":388,"score":111,"percentile":389},"2026-01-21",0.05147,{"date":391,"score":111,"percentile":392},"2026-01-22",0.05131,{"date":394,"score":111,"percentile":395},"2026-01-23",0.05186,{"date":397,"score":111,"percentile":398},"2026-01-24",0.0523,{"date":400,"score":111,"percentile":401},"2026-01-25",0.05178,{"date":403,"score":111,"percentile":404},"2026-01-26",0.05156,{"date":406,"score":111,"percentile":407},"2026-01-27",0.05136,{"date":409,"score":111,"percentile":410},"2026-01-28",0.05124,{"date":412,"score":111,"percentile":413},"2026-01-29",0.05135,{"date":415,"score":111,"percentile":416},"2026-01-30",0.05139,{"date":418,"score":111,"percentile":419},"2026-01-31",0.05109,{"date":421,"score":111,"percentile":422},"2026-02-01",0.052,[424],{"source":115,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":425,"cvss_v4_0":9},{"baseScore":113,"baseSeverity":426,"vectorString":116,"impactScore":427,"exploitabilityScore":428},"HIGH",9.8,4.6,[430,465],{"ecosystem":9,"name":431,"vendor":432,"product":432,"cpe_part":433,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":434},"Linux","linux","a",[435,442,445,448,451,454,457,460,463],{"version":436,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":440,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C c7b8c2d06e437639694abe76978e915cfb73f428",true,"fa9251afc33c81606d70cfe91800a779096442ec","including","c7b8c2d06e437639694abe76978e915cfb73f428","excluding",{"version":443,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":444,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254","dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254",{"version":446,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":447,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C 42725e5c1b181b757ba11d804443922982334d9b","42725e5c1b181b757ba11d804443922982334d9b",{"version":449,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":450,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C cd5ec3ee52ce4b7e283cc11facfa420c297c8065","cd5ec3ee52ce4b7e283cc11facfa420c297c8065",{"version":452,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":453,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C fbf4ace39b2e4f3833236afbb2336edbafd75eee","fbf4ace39b2e4f3833236afbb2336edbafd75eee",{"version":455,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":456,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C ef047411887ff0845afd642d6a687819308e1a4e","ef047411887ff0845afd642d6a687819308e1a4e",{"version":458,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":459,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C 7e1f989055622fd086c5dfb291fc72adf5660b6f","7e1f989055622fd086c5dfb291fc72adf5660b6f",{"version":461,"is_range":437,"range_type":121,"version_start":438,"version_start_type":439,"version_end":462,"version_end_type":441,"fixed_in":9},">= fa9251afc33c81606d70cfe91800a779096442ec, \u003C fc80fc2d4e39137869da3150ee169b40bf879287","fc80fc2d4e39137869da3150ee169b40bf879287",{"version":464,"is_range":109,"range_type":121,"version_start":464,"version_start_type":439,"version_end":464,"version_end_type":439,"fixed_in":9},"4.8",{"ecosystem":9,"name":466,"vendor":432,"product":467,"cpe_part":468,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"linux kernel","linux_kernel","o",[470,474,478,482,486,490,494],{"version":471,"is_range":437,"range_type":472,"version_start":464,"version_start_type":439,"version_end":473,"version_end_type":441,"fixed_in":9},"gte4.8_lt4.14.322","cpe","4.14.322",{"version":475,"is_range":437,"range_type":472,"version_start":476,"version_start_type":439,"version_end":477,"version_end_type":441,"fixed_in":9},"gte4.15_lt4.19.291","4.15","4.19.291",{"version":479,"is_range":437,"range_type":472,"version_start":480,"version_start_type":439,"version_end":481,"version_end_type":441,"fixed_in":9},"gte4.20_lt5.4.251","4.20","5.4.251",{"version":483,"is_range":437,"range_type":472,"version_start":484,"version_start_type":439,"version_end":485,"version_end_type":441,"fixed_in":9},"gte5.5_lt5.10.188","5.5","5.10.188",{"version":487,"is_range":437,"range_type":472,"version_start":488,"version_start_type":439,"version_end":489,"version_end_type":441,"fixed_in":9},"gte5.11_lt5.15.121","5.11","5.15.121",{"version":491,"is_range":437,"range_type":472,"version_start":492,"version_start_type":439,"version_end":493,"version_end_type":441,"fixed_in":9},"gte5.16_lt6.1.39","5.16","6.1.39",{"version":495,"is_range":437,"range_type":472,"version_start":496,"version_start_type":439,"version_end":497,"version_end_type":441,"fixed_in":9},"gte6.2_lt6.4.4","6.2","6.4.4"]