CVE-2023-52922
- Source
- https://cve.org/CVERecord?id=CVE-2023-52922
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52922.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-52922
- Downstream
- Related
- Published
- 2024-11-28T15:09:51.360Z
- Modified
- 2026-03-20T12:32:53.011276Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- can: bcm: Fix UAF in bcm_proc_show()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Fix UAF in bcmprocshow()
BUG: KASAN: slab-use-after-free in bcmprocshow+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862
CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dumpstacklvl+0xd5/0x150 printreport+0xc1/0x5e0 kasanreport+0xba/0xf0 bcmprocshow+0x969/0xa80 seqreaditer+0x4f6/0x1260 seqread+0x165/0x210 procregread+0x227/0x300 vfsread+0x1d5/0x8d0 ksysread+0x11e/0x240 dosyscall64+0x35/0xb0 entrySYSCALL64after_hwframe+0x63/0xcd
Allocated by task 7846: kasansavestack+0x1e/0x40 kasansettrack+0x21/0x30 __kasankmalloc+0x9e/0xa0 bcmsendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 _syssendmsg+0xfa/0x1d0 dosyscall64+0x35/0xb0 entrySYSCALL64afterhwframe+0x63/0xcd
Freed by task 7846: kasansavestack+0x1e/0x40 kasansettrack+0x21/0x30 kasansavefree_info+0x27/0x40 ____kasanslabfree+0x161/0x1c0 slabfreefreelist_hook+0x119/0x220 _kmemcachefree+0xb4/0x2e0 rcucore+0x809/0x1bd0
bcmop is freed before procfs entry be removed in bcmrelease(), this lead to bcmprocshow() may read the freed bcm_op.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52922.json", "cna_assigner": "Linux" }- References
-
- https://allelesecurity.com/use-after-free-vulnerability-in-can-bcm-subsystem-leading-to-information-disclosure-cve-2023-52922/
- https://git.kernel.org/stable/c/11b8e27ed448baa385d90154a141466bd5e92f18
- https://git.kernel.org/stable/c/3c3941bb1eb53abe7d640ffee5c4d6b559829ab3
- https://git.kernel.org/stable/c/55c3b96074f3f9b0aee19bf93cd71af7516582bb
- https://git.kernel.org/stable/c/9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6
- https://git.kernel.org/stable/c/995f47d76647708ec26c6e388663ad4f3f264787
- https://git.kernel.org/stable/c/9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff
- https://git.kernel.org/stable/c/cf254b4f68e480e73dab055014e002b77aed30ed
- https://git.kernel.org/stable/c/dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52922.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-52922
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedffd980f976e7fd666c2e61bf8ab35107efd11828Fixed11b8e27ed448baa385d90154a141466bd5e92f18Fixed9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ffFixed9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6Fixedcf254b4f68e480e73dab055014e002b77aed30edFixed3c3941bb1eb53abe7d640ffee5c4d6b559829ab3Fixed995f47d76647708ec26c6e388663ad4f3f264787Fixeddfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7Fixed55c3b96074f3f9b0aee19bf93cd71af7516582bb