CVE-2023-52524

HIGH

Linux Kernel 5.4.251-5.4.257 - Improper Locking in NFC LLCP Device List

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/191d87a19cf1005ecf41e1ae08d74e17379e8391

Patch

https://git.kernel.org/stable/c/dba849cc98113b145c6e720122942c00b8012bdb

Patch

https://git.kernel.org/stable/c/4837a192f6d06d5bb2f3f47d6ce5353ab69bf86b

Patch

https://git.kernel.org/stable/c/7562780e32b84196731d57dd24563546fcf6d082

Patch

https://git.kernel.org/stable/c/29c16c2bf5866326d5fbc4a537b3997fcac23391

Patch

https://git.kernel.org/stable/c/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916

Scores

CVSS v3 7.8

EPSS 0.0018

EPSS Percentile 8.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (24)

Linux/Linux < 6.5

Linux/Linux 425d9d3a92df7d96b3cfb7ee5c240293a21cbde3 - 7562780e32b84196731d57dd24563546fcf6d082

Linux/Linux 5.10.188 - 5.10.198

Linux/Linux 5.10.198 - 5.10.*

Linux/Linux 5.15.121 - 5.15.135

Linux/Linux 5.15.135 - 5.15.*

Linux/Linux 5.4.251 - 5.4.258

Linux/Linux 5.4.258 - 5.4.*

Linux/Linux 6.1.39 - 6.1.57

Linux/Linux 6.1.57 - 6.1.*

... and 14 more

Published Mar 02, 2024

Tracked Since Feb 18, 2026