CVE-2023-53987

After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"), we use RCU for ping sockets, but we should use spinlock for /proc/net/icmp to avoid a potential NULL deref mentioned in the previous patch.

Let's go back to using spinlock there.

Note we can convert ping sockets to use hlist instead of hlistnulls because we do not use SLABTYPESAFEBYRCU for ping sockets.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53987.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dbca1596bbb08318f5e3b3b99f8ca0a0d3830a65

Fixed

5a08a32e624908890aa0a2eb442bb6a7669891a8

Fixed

176cbb6da28f36506cc60a4bec4ab8df0c16713a

Fixed

ab5fb73ffa01072b4d8031cc05801fa1cb653bee

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

de3d723a3985f282a8c9e468d1e198616eb291c8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53987.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.1.24

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.2.11

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53987.json"