{ "threat_severity" : "Important", "public_date" : "2024-11-28T00:00:00Z", "bugzilla" : { "description" : "kernel: can: bcm: Fix UAF in bcm_proc_show()", "id" : "2329370", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2329370" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncan: bcm: Fix UAF in bcm_proc_show()\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n\ndump_stack_lvl+0xd5/0x150\nprint_report+0xc1/0x5e0\nkasan_report+0xba/0xf0\nbcm_proc_show+0x969/0xa80\nseq_read_iter+0x4f6/0x1260\nseq_read+0x165/0x210\nproc_reg_read+0x227/0x300\nvfs_read+0x1d5/0x8d0\nksys_read+0x11e/0x240\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nAllocated by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\n__kasan_kmalloc+0x9e/0xa0\nbcm_sendmsg+0x264b/0x44e0\nsock_sendmsg+0xda/0x180\n____sys_sendmsg+0x735/0x920\n___sys_sendmsg+0x11d/0x1b0\n__sys_sendmsg+0xfa/0x1d0\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\nkasan_save_free_info+0x27/0x40\n____kasan_slab_free+0x161/0x1c0\nslab_free_freelist_hook+0x119/0x220\n__kmem_cache_free+0xb4/0x2e0\nrcu_core+0x809/0x1bd0\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op." ], "acknowledgement" : "Red Hat would like to thank Anderson Nascimento (Allele Security Intelligence) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2517", "cpe" : "cpe:/o:redhat:rhel_els:6", "package" : "kernel-0:2.6.32-754.56.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2514", "cpe" : "cpe:/o:redhat:rhel_aus:7.7", "package" : "kernel-0:3.10.0-1062.93.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2510", "cpe" : "cpe:/a:redhat:rhel_extras_rt_els:7", "package" : "kernel-rt-0:3.10.0-1160.133.1.rt56.1285.el7" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2501", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "kernel-0:3.10.0-1160.133.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-03-19T00:00:00Z", "advisory" : "RHSA-2025:3027", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.45.1.rt7.386.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-03-19T00:00:00Z", "advisory" : "RHSA-2025:3026", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.45.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:3049", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2646", "cpe" : "cpe:/o:redhat:rhel_aus:8.2", "package" : "kernel-0:4.18.0-193.146.1.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2528", "cpe" : "cpe:/o:redhat:rhel_aus:8.4", "package" : "kernel-0:4.18.0-305.151.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2524", "cpe" : "cpe:/a:redhat:rhel_tus:8.4::nfv", "package" : "kernel-rt-0:4.18.0-305.151.1.rt7.228.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2528", "cpe" : "cpe:/o:redhat:rhel_tus:8.4", "package" : "kernel-0:4.18.0-305.151.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2528", "cpe" : "cpe:/o:redhat:rhel_e4s:8.4", "package" : "kernel-0:4.18.0-305.151.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:3093", "cpe" : "cpe:/o:redhat:rhel_e4s:8.4", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2489", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.141.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2489", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.141.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2489", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.141.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:3095", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2525", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kernel-0:4.18.0-477.93.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:3094", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2627", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.31.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2627", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.31.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:3048", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2488", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.125.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2512", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.125.1.rt21.197.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-03-24T00:00:00Z", "advisory" : "RHSA-2025:3112", "cpe" : "cpe:/o:redhat:rhel_e4s:9.0", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2025-03-19T00:00:00Z", "advisory" : "RHSA-2025:3025", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "kernel-0:5.14.0-284.109.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2025-03-19T00:00:00Z", "advisory" : "RHSA-2025:3024", "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.109.1.rt14.394.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:3096", "cpe" : "cpe:/o:redhat:rhel_eus:9.2", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2490", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.59.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:3097", "cpe" : "cpe:/o:redhat:rhel_eus:9.4", "package" : "kpatch-patch" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52922\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52922\nhttps://lore.kernel.org/linux-cve-announce/2024112856-CVE-2023-52922-39e1@gregkh/T" ], "name" : "CVE-2023-52922", "csaw" : false }