{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-52889","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T15:35:00.782Z","datePublished":"2024-08-17T09:08:43.973Z","dateUpdated":"2025-11-03T21:50:32.388Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:45:24.777Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["security/apparmor/lsm.c"],"versions":[{"version":"ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f","lessThan":"0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1","status":"affected","versionType":"git"},{"version":"ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f","lessThan":"347dcb84a4874b5fb375092c08d8cc4069b94f81","status":"affected","versionType":"git"},{"version":"ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f","lessThan":"290a6b88e8c19b6636ed1acc733d1458206f7697","status":"affected","versionType":"git"},{"version":"ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f","lessThan":"ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2","status":"affected","versionType":"git"},{"version":"ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f","lessThan":"6c920754f62cefc63fccdc38a062c7c3452e2961","status":"affected","versionType":"git"},{"version":"ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f","lessThan":"46c17ead5b7389e22e7dc9903fd0ba865d05bda2","status":"affected","versionType":"git"},{"version":"ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f","lessThan":"fce09ea314505a52f2436397608fa0a5d0934fb1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["security/apparmor/lsm.c"],"versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","status":"unaffected","versionType":"semver"},{"version":"5.4.282","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.224","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.165","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.103","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.44","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.3","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.282"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.224"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.15.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.1.103"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.6.44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.10.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1"},{"url":"https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81"},{"url":"https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697"},{"url":"https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2"},{"url":"https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961"},{"url":"https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2"},{"url":"https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1"}],"title":"apparmor: Fix null pointer deref when receiving skb during sock creation","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-52889","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:11:55.468269Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T17:33:31.755Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:50:32.388Z"}}]}}