VDB

CISA-2023-52522

CISA-2023-52522 PUBLISHED CVSS 5.5 MEDIUM

Reported by Linux · Published March 2, 2024

In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleting an RCU protected item from a list. Readers use rcu_deference(*np), we need to use either rcu_assign_pointer() or WRITE_ONCE() on writer side to prevent store tearing. I use rcu_assign_pointer() to have lockdep support, this was the choice made in neigh_flush_dev().

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
LinuxLinux767e97e1e0db0d0f3152cd2f3bd3403596aedbad, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad
LinuxLinux2.6.37, 0, 5.4.258
LinuxLinux5.10.198, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad, 767e97e1e0db0d0f3152cd2f3bd3403596aedbad
linuxlinux_kernel2.6.37, 2.6.37, 2.6.37

Timeline

  • Mar 2, 2024 CVE Published
  • May 4, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›