{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-52922","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-21T06:07:11.018Z","datePublished":"2024-11-28T15:09:51.360Z","dateUpdated":"2025-06-13T20:05:35.471Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:46:03.854Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Fix UAF in bcm_proc_show()\n\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\n\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0xd5/0x150\n print_report+0xc1/0x5e0\n kasan_report+0xba/0xf0\n bcm_proc_show+0x969/0xa80\n seq_read_iter+0x4f6/0x1260\n seq_read+0x165/0x210\n proc_reg_read+0x227/0x300\n vfs_read+0x1d5/0x8d0\n ksys_read+0x11e/0x240\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAllocated by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x9e/0xa0\n bcm_sendmsg+0x264b/0x44e0\n sock_sendmsg+0xda/0x180\n ____sys_sendmsg+0x735/0x920\n ___sys_sendmsg+0x11d/0x1b0\n __sys_sendmsg+0xfa/0x1d0\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n ____kasan_slab_free+0x161/0x1c0\n slab_free_freelist_hook+0x119/0x220\n __kmem_cache_free+0xb4/0x2e0\n rcu_core+0x809/0x1bd0\n\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/can/bcm.c"],"versions":[{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"11b8e27ed448baa385d90154a141466bd5e92f18","status":"affected","versionType":"git"},{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff","status":"affected","versionType":"git"},{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6","status":"affected","versionType":"git"},{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"cf254b4f68e480e73dab055014e002b77aed30ed","status":"affected","versionType":"git"},{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"3c3941bb1eb53abe7d640ffee5c4d6b559829ab3","status":"affected","versionType":"git"},{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"995f47d76647708ec26c6e388663ad4f3f264787","status":"affected","versionType":"git"},{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7","status":"affected","versionType":"git"},{"version":"ffd980f976e7fd666c2e61bf8ab35107efd11828","lessThan":"55c3b96074f3f9b0aee19bf93cd71af7516582bb","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/can/bcm.c"],"versions":[{"version":"2.6.25","status":"affected"},{"version":"0","lessThan":"2.6.25","status":"unaffected","versionType":"semver"},{"version":"4.14.322","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.291","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.251","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.188","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.123","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.42","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.7","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"4.14.322"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"4.19.291"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.4.251"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.10.188"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.15.123"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.1.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.4.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11b8e27ed448baa385d90154a141466bd5e92f18"},{"url":"https://git.kernel.org/stable/c/9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff"},{"url":"https://git.kernel.org/stable/c/9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6"},{"url":"https://git.kernel.org/stable/c/cf254b4f68e480e73dab055014e002b77aed30ed"},{"url":"https://git.kernel.org/stable/c/3c3941bb1eb53abe7d640ffee5c4d6b559829ab3"},{"url":"https://git.kernel.org/stable/c/995f47d76647708ec26c6e388663ad4f3f264787"},{"url":"https://git.kernel.org/stable/c/dfd0aa26e9a07f2ce546ccf8304ead6a2914e8a7"},{"url":"https://git.kernel.org/stable/c/55c3b96074f3f9b0aee19bf93cd71af7516582bb"}],"title":"can: bcm: Fix UAF in bcm_proc_show()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-52922","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-12-11T14:25:19.812424Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-11T14:58:31.347Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-06-13T20:05:35.471Z"},"references":[{"url":"https://allelesecurity.com/use-after-free-vulnerability-in-can-bcm-subsystem-leading-to-information-disclosure-cve-2023-52922/"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}]}}