CVE-2023-52700 (GCVE-0-2023-52700)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:22 – Updated: 2025-05-04 07:41
VLAI?
Title
tipc: fix kernel warning when sending SYN message
Summary
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] <TASK> [ 13.398630] ? __alloc_skb+0xed/0x1a0 [ 13.398630] tipc_msg_build+0x12c/0x670 [tipc] [ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290 [ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc] [ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __local_bh_enable_ip+0x37/0x80 [ 13.398630] tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __sys_connect+0x9f/0xd0 [ 13.398630] __sys_connect+0x9f/0xd0 [ 13.398630] ? preempt_count_add+0x4d/0xa0 [ 13.398630] ? fpregs_assert_state_consistent+0x22/0x50 [ 13.398630] __x64_sys_connect+0x16/0x20 [ 13.398630] do_syscall_64+0x42/0x90 [ 13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd It is because commit a41dad905e5a ("iov_iter: saner checks for attempt to copy to/from iterator") has introduced sanity check for copying from/to iov iterator. Lacking of copy direction from the iterator viewpoint would lead to kernel stack trace like above. This commit fixes this issue by initializing the iov iterator with the correct copy direction when sending SYN or ACK without data.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: f25dcc7687d42a72de18aa41b04990a24c9e77c7 , < 54b6082aec178f16ad6d193b4ecdc9c4823d9a32 (git)
Affected: f25dcc7687d42a72de18aa41b04990a24c9e77c7 , < 11a4d6f67cf55883dc78e31c247d1903ed7feccc (git)
Create a notification for this product.
    Linux Linux Affected: 4.0
Unaffected: 0 , < 4.0 (semver)
Unaffected: 6.1.13 , ≤ 6.1.* (semver)
Unaffected: 6.2 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T14:38:23.667896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T14:28:36.244Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "54b6082aec178f16ad6d193b4ecdc9c4823d9a32",
              "status": "affected",
              "version": "f25dcc7687d42a72de18aa41b04990a24c9e77c7",
              "versionType": "git"
            },
            {
              "lessThan": "11a4d6f67cf55883dc78e31c247d1903ed7feccc",
              "status": "affected",
              "version": "f25dcc7687d42a72de18aa41b04990a24c9e77c7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "lessThan": "4.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.13",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel warning when sending SYN message\n\nWhen sending a SYN message, this kernel stack trace is observed:\n\n...\n[   13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550\n...\n[   13.398494] Call Trace:\n[   13.398630]  \u003cTASK\u003e\n[   13.398630]  ? __alloc_skb+0xed/0x1a0\n[   13.398630]  tipc_msg_build+0x12c/0x670 [tipc]\n[   13.398630]  ? shmem_add_to_page_cache.isra.71+0x151/0x290\n[   13.398630]  __tipc_sendmsg+0x2d1/0x710 [tipc]\n[   13.398630]  ? tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __local_bh_enable_ip+0x37/0x80\n[   13.398630]  tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __sys_connect+0x9f/0xd0\n[   13.398630]  __sys_connect+0x9f/0xd0\n[   13.398630]  ? preempt_count_add+0x4d/0xa0\n[   13.398630]  ? fpregs_assert_state_consistent+0x22/0x50\n[   13.398630]  __x64_sys_connect+0x16/0x20\n[   13.398630]  do_syscall_64+0x42/0x90\n[   13.398630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIt is because commit a41dad905e5a (\"iov_iter: saner checks for attempt\nto copy to/from iterator\") has introduced sanity check for copying\nfrom/to iov iterator. Lacking of copy direction from the iterator\nviewpoint would lead to kernel stack trace like above.\n\nThis commit fixes this issue by initializing the iov iterator with\nthe correct copy direction when sending SYN or ACK without data."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:41:53.991Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32"
        },
        {
          "url": "https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc"
        }
      ],
      "title": "tipc: fix kernel warning when sending SYN message",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52700",
    "datePublished": "2024-05-21T15:22:50.702Z",
    "dateReserved": "2024-03-07T14:49:46.891Z",
    "dateUpdated": "2025-05-04T07:41:53.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:11:35.606Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52700\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-18T14:38:23.667896Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-18T14:38:37.229Z\"}}], \"cna\": {\"title\": \"tipc: fix kernel warning when sending SYN message\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"f25dcc7687d42a72de18aa41b04990a24c9e77c7\", \"lessThan\": \"54b6082aec178f16ad6d193b4ecdc9c4823d9a32\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f25dcc7687d42a72de18aa41b04990a24c9e77c7\", \"lessThan\": \"11a4d6f67cf55883dc78e31c247d1903ed7feccc\", \"versionType\": \"git\"}], \"programFiles\": [\"net/tipc/socket.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.1.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.2\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/tipc/socket.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32\"}, {\"url\": \"https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: fix kernel warning when sending SYN message\\n\\nWhen sending a SYN message, this kernel stack trace is observed:\\n\\n...\\n[   13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550\\n...\\n[   13.398494] Call Trace:\\n[   13.398630]  \u003cTASK\u003e\\n[   13.398630]  ? __alloc_skb+0xed/0x1a0\\n[   13.398630]  tipc_msg_build+0x12c/0x670 [tipc]\\n[   13.398630]  ? shmem_add_to_page_cache.isra.71+0x151/0x290\\n[   13.398630]  __tipc_sendmsg+0x2d1/0x710 [tipc]\\n[   13.398630]  ? tipc_connect+0x1d9/0x230 [tipc]\\n[   13.398630]  ? __local_bh_enable_ip+0x37/0x80\\n[   13.398630]  tipc_connect+0x1d9/0x230 [tipc]\\n[   13.398630]  ? __sys_connect+0x9f/0xd0\\n[   13.398630]  __sys_connect+0x9f/0xd0\\n[   13.398630]  ? preempt_count_add+0x4d/0xa0\\n[   13.398630]  ? fpregs_assert_state_consistent+0x22/0x50\\n[   13.398630]  __x64_sys_connect+0x16/0x20\\n[   13.398630]  do_syscall_64+0x42/0x90\\n[   13.398630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\\n\\nIt is because commit a41dad905e5a (\\\"iov_iter: saner checks for attempt\\nto copy to/from iterator\\\") has introduced sanity check for copying\\nfrom/to iov iterator. Lacking of copy direction from the iterator\\nviewpoint would lead to kernel stack trace like above.\\n\\nThis commit fixes this issue by initializing the iov iterator with\\nthe correct copy direction when sending SYN or ACK without data.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T08:24:23.797Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-52700\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T08:24:23.797Z\", \"dateReserved\": \"2024-03-07T14:49:46.891Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-21T15:22:50.702Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.