Auto-Update: 2024-07-14T10:00:18.452235+00:00

2025-05-31 18:51:16 +00:00 · 2024-07-14 10:03:12 +00:00 · 2024-07-14 10:03:12 +00:00 · adbd2f51b6
commit adbd2f51b6
parent d73c43911d
3 changed files with 57 additions and 8 deletions
--- a/CVE-2023/CVE-2023-528xx/CVE-2023-52885.json
+++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52885.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2023-52885",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2024-07-14T08:15:01.823",
+  "lastModified": "2024-07-14T08:15:01.823",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n  Read of size 8 at addr ffff888139d96228 by task nc/102553\n  CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n  Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n  Call Trace:\n   <IRQ>\n   dump_stack_lvl+0x33/0x50\n   print_address_description.constprop.0+0x27/0x310\n   print_report+0x3e/0x70\n   kasan_report+0xae/0xe0\n   svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n   tcp_data_queue+0x9f4/0x20e0\n   tcp_rcv_established+0x666/0x1f60\n   tcp_v4_do_rcv+0x51c/0x850\n   tcp_v4_rcv+0x23fc/0x2e80\n   ip_protocol_deliver_rcu+0x62/0x300\n   ip_local_deliver_finish+0x267/0x350\n   ip_local_deliver+0x18b/0x2d0\n   ip_rcv+0x2fb/0x370\n   __netif_receive_skb_one_core+0x166/0x1b0\n   process_backlog+0x24c/0x5e0\n   __napi_poll+0xa2/0x500\n   net_rx_action+0x854/0xc90\n   __do_softirq+0x1bb/0x5de\n   do_softirq+0xcb/0x100\n   </IRQ>\n   <TASK>\n   ...\n   </TASK>\n\n  Allocated by task 102371:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_kmalloc+0x7b/0x90\n   svc_setup_socket+0x52/0x4f0 [sunrpc]\n   svc_addsock+0x20d/0x400 [sunrpc]\n   __write_ports_addfd+0x209/0x390 [nfsd]\n   write_ports+0x239/0x2c0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n  Freed by task 102551:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x50\n   __kasan_slab_free+0x106/0x190\n   __kmem_cache_free+0x133/0x270\n   svc_xprt_free+0x1e2/0x350 [sunrpc]\n   svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n   nfsd_put+0x125/0x240 [nfsd]\n   nfsd_svc+0x2cb/0x3c0 [nfsd]\n   write_threads+0x1ac/0x2a0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-14T04:00:18.203430+00:00
+2024-07-14T10:00:18.452235+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-14T02:15:03.420000+00:00
+2024-07-14T08:15:01.823000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-256979
+256980
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `1`

- [CVE-2024-6729](CVE-2024/CVE-2024-67xx/CVE-2024-6729.json) (`2024-07-14T02:15:02.117`)
- [CVE-2024-6730](CVE-2024/CVE-2024-67xx/CVE-2024-6730.json) (`2024-07-14T02:15:03.420`)
+- [CVE-2023-52885](CVE-2023/CVE-2023-528xx/CVE-2023-52885.json) (`2024-07-14T08:15:01.823`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -238939,6 +238939,7 @@ CVE-2023-52881,0,0,6fd8affdcc64e7515585a36e8830d44119718460b76d8f8a6eab4860fa38e
 CVE-2023-52882,0,0,e51efc18668383cabb6a1a97b2fa54b9809b5bd71d28b08d72a7fdf9caf29900,2024-06-27T14:15:12.840000
 CVE-2023-52883,0,0,97759c00758e41d95ed1ae62b92bf41e3188ce0db01c0040d74fe100684b74d7,2024-07-03T01:44:10.627000
 CVE-2023-52884,0,0,bbf325b5c1ed57a9d1f4ab6303e0df9c8a8b60b96f00c7266f34fe596a2f1382,2024-06-21T11:22:01.687000
+CVE-2023-52885,1,1,57a1064013287e819cb0ff78e395ff8eee4dfcdc2e4f046e99e301d2f7a77586,2024-07-14T08:15:01.823000
 CVE-2023-5289,0,0,85a0656428a156af531ef9ce48391ff960ba4c2a8af32298a7386854e98b6d86,2023-10-02T18:13:04.227000
 CVE-2023-52890,0,0,98d004bfa32a49234fd94c1d29c092368def9b12c09abef3185e148025b433c1,2024-06-13T18:36:09.010000
 CVE-2023-52891,0,0,5e151a4d8c6f84e3d9dd04a36315448ea54aacacf0306d24e88a33c5bc6a9764,2024-07-09T18:19:14.047000
@ -256976,5 +256977,5 @@ CVE-2024-6679,0,0,193698b3a519c2de1af0fd23f7e404e2d54c730e4704d97d0092b63ef1c812
 CVE-2024-6680,0,0,131299d0989a76f846afb0c8ae15f4692f1a0fdd9931fad30c165660cd1232fc,2024-07-11T18:09:58.777000
 CVE-2024-6681,0,0,fd87484dafd740c0f788720b14149eb40f6b6d8ce371416d0e039ce9acf82071,2024-07-11T18:09:58.777000
 CVE-2024-6728,0,0,e183017f53cebadd8fd83fcd315bc6bb54392abb3d3fc4655226b62585a091c0,2024-07-14T01:15:01.940000
-CVE-2024-6729,1,1,fa42df8dffdc3aceaa852de6ae501e778aed5557b8af2eef2cc918445d4971ce,2024-07-14T02:15:02.117000
-CVE-2024-6730,1,1,1f06102f331be2f8c89ba0371b25dfc259847f3bd2a5119ede6d3559ac3922fd,2024-07-14T02:15:03.420000
+CVE-2024-6729,0,0,fa42df8dffdc3aceaa852de6ae501e778aed5557b8af2eef2cc918445d4971ce,2024-07-14T02:15:02.117000
+CVE-2024-6730,0,0,1f06102f331be2f8c89ba0371b25dfc259847f3bd2a5119ede6d3559ac3922fd,2024-07-14T02:15:03.420000