CVE-2023-52502

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-52502

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52502.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-52502

Downstream

BELL-CVE-2023-52502

DEBIAN-CVE-2023-52502

OESA-2024-1353

OESA-2024-1355

OESA-2024-1356

OESA-2024-1357

OESA-2024-1392

OESA-2024-1393

SUSE-SU-2024:0856-1

SUSE-SU-2024:0857-1

SUSE-SU-2024:0925-1

SUSE-SU-2024:0926-1

SUSE-SU-2024:0975-1

SUSE-SU-2024:0976-1

SUSE-SU-2024:1320-1

SUSE-SU-2024:1321-1

SUSE-SU-2024:1466-1

SUSE-SU-2024:1480-1

SUSE-SU-2024:1490-1

SUSE-SU-2024:1677-1

SUSE-SU-2024:1679-1

SUSE-SU-2024:1680-1

SUSE-SU-2024:1682-1

SUSE-SU-2024:1685-1

SUSE-SU-2024:1686-1

SUSE-SU-2024:1692-1

SUSE-SU-2024:1695-1

SUSE-SU-2024:1696-1

SUSE-SU-2024:1705-1

SUSE-SU-2024:1706-1

SUSE-SU-2024:1707-1

SUSE-SU-2024:1709-1

SUSE-SU-2024:1711-1

SUSE-SU-2024:1712-1

SUSE-SU-2024:1713-1

SUSE-SU-2024:1720-1

SUSE-SU-2024:1723-1

SUSE-SU-2024:1726-1

SUSE-SU-2024:1729-1

SUSE-SU-2024:1731-1

SUSE-SU-2024:1732-1

SUSE-SU-2024:1735-1

SUSE-SU-2024:1736-1

SUSE-SU-2024:1739-1

SUSE-SU-2024:1740-1

SUSE-SU-2024:1742-1

SUSE-SU-2024:1746-1

SUSE-SU-2024:1748-1

SUSE-SU-2024:1749-1

SUSE-SU-2024:1751-1

SUSE-SU-2024:1753-1

SUSE-SU-2024:1757-1

SUSE-SU-2024:1759-1

SUSE-SU-2024:2092-1

SUSE-SU-2024:2100-1

SUSE-SU-2024:2162-1

SUSE-SU-2024:2163-1

SUSE-SU-2024:2207-1

SUSE-SU-2024:2208-1

SUSE-SU-2024:2337-1

SUSE-SU-2024:2382-1

SUSE-SU-2024:2446-1

SUSE-SU-2024:2447-1

SUSE-SU-2024:2472-1

SUSE-SU-2024:2722-1

SUSE-SU-2024:2751-1

SUSE-SU-2024:2824-1

SUSE-SU-2024:2840-1

SUSE-SU-2024:2850-1

SUSE-SU-2024:2851-1

SUSE-SU-2024:3318-1

SUSE-SU-2024:3347-1

SUSE-SU-2024:3368-1

SUSE-SU-2024:3379-1

SUSE-SU-2024:3399-1

SUSE-SU-2024:3623-1

SUSE-SU-2024:3631-1

SUSE-SU-2024:3694-1

SUSE-SU-2024:3695-1

SUSE-SU-2024:3697-1

SUSE-SU-2024:3793-1

SUSE-SU-2024:3815-1

SUSE-SU-2024:3829-1

SUSE-SU-2024:3837-1

SUSE-SU-2024:3842-1

SUSE-SU-2024:3852-1

SUSE-SU-2024:4122-1

SUSE-SU-2024:4123-1

SUSE-SU-2024:4214-1

SUSE-SU-2024:4218-1

SUSE-SU-2024:4234-1

SUSE-SU-2024:4266-1

SUSE-SU-2025:0107-1

SUSE-SU-2025:0109-1

SUSE-SU-2025:0115-1

SUSE-SU-2025:0158-1

SUSE-SU-2025:0251-1

SUSE-SU-2025:0252-1

SUSE-SU-2025:0261-1

SUSE-SU-2025:0266-1

UBUNTU-CVE-2023-52502

USN-7121-1

USN-7121-2

USN-7121-3

USN-7148-1

Related

SUSE-SU-2024:0856-1
SUSE-SU-2024:0857-1
SUSE-SU-2024:0925-1
SUSE-SU-2024:0926-1
SUSE-SU-2024:0975-1
SUSE-SU-2024:0976-1
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1
SUSE-SU-2024:1677-1
SUSE-SU-2024:1679-1
SUSE-SU-2024:1680-1
SUSE-SU-2024:1682-1
SUSE-SU-2024:1685-1
SUSE-SU-2024:1686-1
SUSE-SU-2024:1692-1
SUSE-SU-2024:1695-1
SUSE-SU-2024:1696-1
SUSE-SU-2024:1705-1
SUSE-SU-2024:1706-1
SUSE-SU-2024:1707-1
SUSE-SU-2024:1709-1
SUSE-SU-2024:1711-1
SUSE-SU-2024:1712-1
SUSE-SU-2024:1713-1
SUSE-SU-2024:1720-1
SUSE-SU-2024:1723-1
SUSE-SU-2024:1726-1
SUSE-SU-2024:1729-1
SUSE-SU-2024:1731-1
SUSE-SU-2024:1732-1
SUSE-SU-2024:1735-1
SUSE-SU-2024:1736-1
SUSE-SU-2024:1739-1
SUSE-SU-2024:1740-1
SUSE-SU-2024:1742-1
SUSE-SU-2024:1746-1
SUSE-SU-2024:1748-1
SUSE-SU-2024:1749-1
SUSE-SU-2024:1751-1
SUSE-SU-2024:1753-1
SUSE-SU-2024:1757-1
SUSE-SU-2024:1759-1
SUSE-SU-2024:2092-1
SUSE-SU-2024:2100-1
SUSE-SU-2024:2162-1
SUSE-SU-2024:2163-1
SUSE-SU-2024:2207-1
SUSE-SU-2024:2208-1
SUSE-SU-2024:2337-1
SUSE-SU-2024:2382-1
SUSE-SU-2024:2446-1
SUSE-SU-2024:2447-1
SUSE-SU-2024:2472-1
SUSE-SU-2024:2722-1
SUSE-SU-2024:2751-1
SUSE-SU-2024:2824-1
SUSE-SU-2024:2840-1
SUSE-SU-2024:2850-1
SUSE-SU-2024:2851-1
SUSE-SU-2024:3318-1
SUSE-SU-2024:3347-1
SUSE-SU-2024:3368-1
SUSE-SU-2024:3379-1
SUSE-SU-2024:3399-1
SUSE-SU-2024:3623-1
SUSE-SU-2024:3631-1
SUSE-SU-2024:3694-1
SUSE-SU-2024:3695-1
SUSE-SU-2024:3697-1
SUSE-SU-2024:3793-1
SUSE-SU-2024:3815-1
SUSE-SU-2024:3829-1
SUSE-SU-2024:3837-1
SUSE-SU-2024:3842-1
SUSE-SU-2024:3852-1
SUSE-SU-2024:4122-1
SUSE-SU-2024:4123-1
SUSE-SU-2024:4214-1
SUSE-SU-2024:4218-1
SUSE-SU-2024:4234-1
SUSE-SU-2024:4266-1
SUSE-SU-2025:0107-1
SUSE-SU-2025:0109-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0251-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0261-1
SUSE-SU-2025:0266-1

Published

2024-03-02T21:52:17.218Z

Modified

2026-03-14T12:23:11.637738Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()

Details

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: fix races in nfcllcpsockget() and nfcllcpsockget_sn()

Sili Luo reported a race in nfcllcpsock_get(), leading to UAF.

Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock.

nfcllcpsockgetsn() has a similar problem.

Finally nfcllcprecvsnl() needs to make sure the socket found by nfcllcpsockfrom_sn() does not disappear.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52502.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8f50020ed9b81ba909ce9573f9d05263cdebf502

Fixed

e863f5720a5680e50c4cecf12424d7cc31b3eb0a

Fixed

7adcf014bda16cdbf804af5c164d94d5d025db2d

Fixed

6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9

Fixed

d888d3f70b0de32b4f51534175f039ddab15eef8

Fixed

e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc

Fixed

d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c

Fixed

31c07dffafce914c1d1543c135382a11ff058d93

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52502.json"