CVE-2023-52502
Published: Mar 2, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock. nfc_llcp_sock_get_sn() has a similar problem. Finally nfc_llcp_recv_snl() needs to make sure the socket found by nfc_llcp_sock_from_sn() does not disappear.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8f50020ed9b81ba909ce9573f9d05263cdebf502 - < e863f5720a5680e50c4cecf12424d7cc31b3eb0aaffected 8f50020ed9b81ba909ce9573f9d05263cdebf502 - < 7adcf014bda16cdbf804af5c164d94d5d025db2daffected 8f50020ed9b81ba909ce9573f9d05263cdebf502 - < 6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9affected 8f50020ed9b81ba909ce9573f9d05263cdebf502 - < d888d3f70b0de32b4f51534175f039ddab15eef8affected 8f50020ed9b81ba909ce9573f9d05263cdebf502 - < e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc+2 more versions |
Linux | Linux | affected 3.6unaffected 0 - < 3.6unaffected 4.19.297 - <= 4.19.*unaffected 5.4.259 - <= 5.4.*unaffected 5.10.199 - <= 5.10.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now