CVE-2023-52698

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 17/05/2024
Last modified: 07/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

calipso: fix memory leak in netlbl_calipso_add_pass()

If IPv6 support is disabled at boot (ipv6.disable=1),
the calipso_init() -> netlbl_calipso_ops_register() function isn't called,
and the netlbl_calipso_ops_get() function always returns NULL.
In this case, the netlbl_calipso_add_pass() function allocates memory
for the doi_def variable but doesn't free it with the calipso_doi_free().

BUG: memory leak
unreferenced object 0xffff888011d68180 (size 64):
  comm "syz-executor.1", pid 10746, jiffies 4295410986 (age 17.928s)
  hex dump (first 32 bytes):
    00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [] kmalloc include/linux/slab.h:552 [inline]
    [] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline]
    [] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111
    [] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739
    [] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
    [] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800
    [] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515
    [] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811
    [] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
    [] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339
    [] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934
    [] sock_sendmsg_nosec net/socket.c:651 [inline]
    [] sock_sendmsg+0x157/0x190 net/socket.c:671
    [] ____sys_sendmsg+0x712/0x870 net/socket.c:2342
    [] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396
    [] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429
    [] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
    [] entry_SYSCALL_64_after_hwframe+0x61/0xc6

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with Syzkaller

[PM: merged via the LSM tree at Jakub Kicinski request]

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.8 (including) | 4.19.306 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.268 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.148 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.2 (excluding) |
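
A host triage check built from the version ranges and the ipv6.disable=1 condition given above, as an added example that is not part of the advisory or the kernel project. The function names are hypothetical, and the check assumes upstream version numbering: a distribution kernel that backported the fix may still report a version inside a listed range.

```python
import platform
import re

# (from, inclusive) / (up to, exclusive) pairs copied from the table on this page
AFFECTED_RANGES = [
    ("4.8", "4.19.306"), ("4.20", "5.4.268"), ("5.5", "5.10.209"),
    ("5.11", "5.15.148"), ("5.16", "6.1.75"), ("6.2", "6.6.14"),
    ("6.7", "6.7.2"),
]

def parse_version(release):
    """Turn '5.10.208-1-amd64' into (5, 10, 208); a missing patch level is 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())

def in_affected_range(release):
    """True if the release falls inside any range listed in the advisory."""
    v = parse_version(release)
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)

def ipv6_disabled_at_boot(cmdline):
    """True if the kernel command line carries ipv6.disable=1.
    Assumption: when the parameter is repeated, the last occurrence wins."""
    value = None
    for token in cmdline.split():
        if token.startswith("ipv6.disable="):
            value = token.split("=", 1)[1]
    return value == "1"

def assess(release, cmdline):
    """Combine both checks into one triage verdict string."""
    if not in_affected_range(release):
        return "outside listed ranges"
    if ipv6_disabled_at_boot(cmdline):
        return "in listed range, ipv6.disable=1 set: described leak condition present"
    return "in listed range, ipv6.disable=1 not set"

if __name__ == "__main__":
    try:
        with open("/proc/cmdline") as fh:  # Linux only
            boot_args = fh.read()
    except OSError:
        boot_args = ""
    print(platform.release(), "->", assess(platform.release(), boot_args))
```
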