CVE-2023-52596

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52596
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52596.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52596
Downstream
Published
2024-03-06T06:45:26.094Z
Modified
2026-03-11T16:04:37.558692Z
Summary
sysctl: Fix out of bounds access for empty sysctl registers
Details

In the Linux kernel, the following vulnerability has been resolved:

sysctl: Fix out of bounds access for empty sysctl registers

When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories.

The function registersysctlmountpoint now passes a ctltable of size 1 instead of size 0. It now relies solely on the type to identify a permanently empty register.

Make sure that the ctl_table has at least one element before testing for permanent emptiness.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52596.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9edbfe92a0a1355bae1e47c8f542ac0d39f19f8c
Fixed
15893975e9e382f8294ea8d926f08dc2d8d39ede
Fixed
2ae7081bc10123b187e36a4f3a8e53768de31489
Fixed
315552310c7de92baea4e570967066569937a843

Affected versions

v6.*
v6.5
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52596.json"
vanir_signatures 
[
    {
        "signature_type": "Function",
        "target": {
            "function": "get_links",
            "file": "fs/proc/proc_sysctl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "signature_version": "v1",
        "id": "CVE-2023-52596-02c2af95",
        "digest": {
            "function_hash": "13030975381535929140704745199424915605",
            "length": 605.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "fs/proc/proc_sysctl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "signature_version": "v1",
        "id": "CVE-2023-52596-42c01c27",
        "digest": {
            "line_hashes": [
                "331205227813525748337449475577217144180",
                "202362387178292020068925319666755021199",
                "225029166757210277283604577720689002337",
                "172286940978710546818091141344873937912",
                "16032621808443415313783348230106002329",
                "17199042881259572953803774662763916983",
                "33060458492404124636602009380922270542",
                "26906992715676139971118793963108332113",
                "72046208143686113784618107656390036547",
                "91150481204991021138829032858631434142",
                "289065514686434675368869729466370063579"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "insert_header",
            "file": "fs/proc/proc_sysctl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "signature_version": "v1",
        "id": "CVE-2023-52596-afff5ea7",
        "digest": {
            "function_hash": "99489623300237168435731014800083218473",
            "length": 675.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "register_sysctl_mount_point",
            "file": "fs/proc/proc_sysctl.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "signature_version": "v1",
        "id": "CVE-2023-52596-f96476fb",
        "digest": {
            "function_hash": "6000987126646564693909845850384480822",
            "length": 97.0
        },
        "deprecated": false
    }
]