VDB
CISA-2023-52522
CISA-2023-52522
PUBLISHED
CVSS 5.5 MEDIUM
Reported by Linux · Published March 2, 2024
In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleting an RCU protected item from a list. Readers use rcu_deference(*np), we need to use either rcu_assign_pointer() or WRITE_ONCE() on writer side to prevent store tearing. I use rcu_assign_pointer() to have lockdep support, this was the choice made in neigh_flush_dev().
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad |
| Linux | Linux | 2.6.37, 0, 5.4.258 |
| Linux | Linux | 5.10.198, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad |
| linux | linux_kernel | 2.6.37, 2.6.37, 2.6.37 |
Timeline
- Mar 2, 2024 CVE Published
- May 4, 2025 CVE Updated