5.5
MEDIUM
CVE-2023-52845
Linux kernel TIPC null-terminated string vulnerability.
Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING

syzbot reported the following uninit-value access issue [1]:

=====================================================
BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]
BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756
 strlen lib/string.c:418 [inline]
 strstr+0xb8/0x2f0 lib/string.c:756
 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595
 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]
 genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066
 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545
 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg net/socket.c:753 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
 __sys_sendmsg net/socket.c:2624 [inline]
 __do_sys_sendmsg net/socket.c:2633 [inline]
 __se_sys_sendmsg net/socket.c:2631 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559
 __alloc_skb+0x318/0x740 net/core/skbuff.c:650
 alloc_skb include/linux/skbuff.h:1286 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]
 netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg net/socket.c:753 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
 __sys_sendmsg net/socket.c:2624 [inline]
 __do_sys_sendmsg net/socket.c:2633 [inline]
 __se_sys_sendmsg net/socket.c:2631 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

TIPC bearer-related names including link names must be null-terminated strings. If a link name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This causes the above issue.

This patch changes the nla_policy for bearer-related names from NLA_STRING to NLA_NUL_STRING. This resolves the issue by ensuring that only null-terminated strings are accepted as bearer-related names.

syzbot reported similar uninit-value issue related to bearer names [2]. The root cause of this issue is that a non-null-terminated bearer name was passed. This patch also resolved this issue.
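The difference between the two policy types named in the description, as an added example (a simplified userspace model written for this page, not kernel code): a length-checked string type accepts a payload with no terminator, while the NUL-string type rejects it before any handler can call strstr() on it. The names model_validate, MODEL_STRING, MODEL_NUL_STRING, the sample payloads and the maximum length of 16 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the two attribute types; names are hypothetical. */
enum model_type { MODEL_STRING, MODEL_NUL_STRING };

/* Constructed sample payloads: the same name without and with a terminator. */
static const char SAMPLE_UNTERMINATED[5] = {'e', 't', 'h', ':', 'a'};
static const char SAMPLE_TERMINATED[6] = {'e', 't', 'h', ':', 'a', '\0'};

/*
 * Return 0 if a payload of attrlen bytes is accepted, -1 if rejected.
 * maxlen is the longest name allowed, not counting the terminator.
 */
int model_validate(enum model_type type, const char *data, size_t attrlen,
                   size_t maxlen)
{
    size_t len = attrlen;

    if (type == MODEL_NUL_STRING) {
        /* A NUL must appear within the first maxlen + 1 payload bytes. */
        size_t scan = attrlen < maxlen + 1 ? attrlen : maxlen + 1;

        if (scan == 0 || memchr(data, '\0', scan) == NULL)
            return -1;
    }
    /* Checks applied to both types: non-empty and no longer than maxlen. */
    if (attrlen < 1)
        return -1;
    if (data[attrlen - 1] == '\0')
        len--; /* a trailing NUL does not count towards the length */
    return len > maxlen ? -1 : 0;
}

int main(void)
{
    printf("unterminated: STRING=%d NUL_STRING=%d\n",
           model_validate(MODEL_STRING, SAMPLE_UNTERMINATED, 5, 16),
           model_validate(MODEL_NUL_STRING, SAMPLE_UNTERMINATED, 5, 16));
    printf("terminated:   STRING=%d NUL_STRING=%d\n",
           model_validate(MODEL_STRING, SAMPLE_TERMINATED, 6, 16),
           model_validate(MODEL_NUL_STRING, SAMPLE_TERMINATED, 6, 16));
    return 0;
}
```

Under the plain string type the unterminated payload passes validation, so a consumer that treats it as a C string reads past the attribute into whatever follows in the buffer; under the NUL-string type the same payload is refused at the policy layer.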

INFO

Published Date: May 21, 2024, 4:15 p.m.
Last Modified: Jan. 31, 2025, 4:01 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.8
Affected Products

The following products are affected by CVE-2023-52845 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-52845.

URL Resource
https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 Patch
https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 Patch
https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 Patch
https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 Patch
https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 Patch
https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 Patch
https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d Patch
https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 Patch
https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 Patch

The following table lists the changes that have been made to the CVE-2023-52845 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 31, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-908
    Added CPE Configuration OR
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.19 up to (excluding) 4.14.330
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.299
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.261
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.201
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.139
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.63
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.5.12
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6 up to (excluding) 6.6.2
    Changed Reference Type https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 No Types Assigned https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 Patch
    Changed Reference Type https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 No Types Assigned https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 Patch
    Changed Reference Type https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 No Types Assigned https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 Patch
    Changed Reference Type https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 No Types Assigned https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 Patch
    Changed Reference Type https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 No Types Assigned https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 No Types Assigned https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 Patch
    Changed Reference Type https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d No Types Assigned https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d Patch
    Changed Reference Type https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 No Types Assigned https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 Patch
    Changed Reference Type https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 No Types Assigned https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579
    Added Reference https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0
    Added Reference https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6
    Added Reference https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8
    Added Reference https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4
    Added Reference https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709
    Added Reference https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d
    Added Reference https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04
    Added Reference https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 21, 2024

    Action Type Old Value New Value
    Added Description (same text as the Description section above)
    Added Reference kernel.org https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579 [No types assigned]
© cvefeed.io
Latest DB Update: May. 14, 2025 19:04