In the Linux kernel, the following vulnerability has been resolved:
hsr: Prevent use after free in prpcreatetagged_frame()
The prpfillrct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. So it's straight forward to fix bug by using the returned value.
[
{
"id": "CVE-2023-52846-19f71636",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18",
"digest": {
"length": 564.0,
"function_hash": "270177043776203782950779469307987283151"
},
"signature_version": "v1",
"target": {
"function": "prp_create_tagged_frame",
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2023-52846-24e33803",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6086258bd5ea7b5c706ff62da42b8e271b2401db",
"digest": {
"length": 564.0,
"function_hash": "270177043776203782950779469307987283151"
},
"signature_version": "v1",
"target": {
"function": "prp_create_tagged_frame",
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2023-52846-2dffafaf",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18",
"digest": {
"line_hashes": [
"42118111257416798343327272594396456375",
"299107269518575538439326287746354390597",
"190740558342082199511912955523981319072",
"291271117247037831348074808520458396934",
"158286340407833330067333582995613069645"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Line",
"deprecated": false
},
{
"id": "CVE-2023-52846-43b58319",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ddf4e04e946aaa6c458b8b6829617cc44af2bffd",
"digest": {
"length": 446.0,
"function_hash": "43782833032969067828040379722184393560"
},
"signature_version": "v1",
"target": {
"function": "prp_create_tagged_frame",
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2023-52846-4f9c4da9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6086258bd5ea7b5c706ff62da42b8e271b2401db",
"digest": {
"line_hashes": [
"42118111257416798343327272594396456375",
"299107269518575538439326287746354390597",
"190740558342082199511912955523981319072",
"291271117247037831348074808520458396934",
"158286340407833330067333582995613069645"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Line",
"deprecated": false
},
{
"id": "CVE-2023-52846-5e7b7ec6",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d103fb6726904e353b4773188ee3d3acb4078363",
"digest": {
"line_hashes": [
"42118111257416798343327272594396456375",
"299107269518575538439326287746354390597",
"190740558342082199511912955523981319072",
"291271117247037831348074808520458396934",
"158286340407833330067333582995613069645"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Line",
"deprecated": false
},
{
"id": "CVE-2023-52846-9b43aa51",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1a485e45d24b1cd8fe834fd6f1b06e2903827da",
"digest": {
"line_hashes": [
"42118111257416798343327272594396456375",
"299107269518575538439326287746354390597",
"190740558342082199511912955523981319072",
"291271117247037831348074808520458396934",
"158286340407833330067333582995613069645"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Line",
"deprecated": false
},
{
"id": "CVE-2023-52846-b9a6e831",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1a485e45d24b1cd8fe834fd6f1b06e2903827da",
"digest": {
"length": 564.0,
"function_hash": "270177043776203782950779469307987283151"
},
"signature_version": "v1",
"target": {
"function": "prp_create_tagged_frame",
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2023-52846-bb4e6d3c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@876f8ab52363f649bcc74072157dfd7adfbabc0d",
"digest": {
"length": 564.0,
"function_hash": "270177043776203782950779469307987283151"
},
"signature_version": "v1",
"target": {
"function": "prp_create_tagged_frame",
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2023-52846-e4b68ec9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ddf4e04e946aaa6c458b8b6829617cc44af2bffd",
"digest": {
"line_hashes": [
"42118111257416798343327272594396456375",
"299107269518575538439326287746354390597",
"190740558342082199511912955523981319072",
"291271117247037831348074808520458396934",
"158286340407833330067333582995613069645"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Line",
"deprecated": false
},
{
"id": "CVE-2023-52846-e7558218",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d103fb6726904e353b4773188ee3d3acb4078363",
"digest": {
"length": 564.0,
"function_hash": "270177043776203782950779469307987283151"
},
"signature_version": "v1",
"target": {
"function": "prp_create_tagged_frame",
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2023-52846-ef7e17cb",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@876f8ab52363f649bcc74072157dfd7adfbabc0d",
"digest": {
"line_hashes": [
"42118111257416798343327272594396456375",
"299107269518575538439326287746354390597",
"190740558342082199511912955523981319072",
"291271117247037831348074808520458396934",
"158286340407833330067333582995613069645"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "net/hsr/hsr_forward.c"
},
"signature_type": "Line",
"deprecated": false
}
]