Vulnerability-Lookup

BDU:2024-01805

Vulnerability from fstec - Published: 15.09.2023

Title

Уязвимость функции __skb_flow_dissect() сетевой компоненты ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации

Description

Уязвимость функции __skb_flow_dissect() в модуле net/core/flow_dissector.c сетевой компоненты ядра операционной системы Linux связана с некорректным вычислением смещения сетевого заголовка. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на конфиденциальность и доступность защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Vendor

ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, ООО «Ред Софт», Novell Inc.

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Suse Linux Enterprise Server, Suse Linux Enterprise Desktop, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Micro, SUSE Linux Enterprise Module for SAP Applications, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Real Time, Linux, SUSE Real Time Module

Software Version

1.6 «Смоленск» (Astra Linux Special Edition), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 15 SP4 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Desktop), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 4.7 (Astra Linux Special Edition), 5.3 (SUSE Linux Enterprise Micro), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Module for SAP Applications), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP5 (SUSE Linux Enterprise Module for Development Tools), 15 SP5 (SUSE Linux Enterprise Module for Public Cloud), 15 SP4 (SUSE Linux Enterprise Real Time), 15 SP5 (SUSE Linux Enterprise Real Time), 5.4 (SUSE Linux Enterprise Micro), от 6.2 до 6.5.5 включительно (Linux), от 5.16 до 6.1.55 включительно (Linux), 15 SP5 (SUSE Linux Enterprise Module for SAP Applications), 5.5 (SUSE Linux Enterprise Micro), 15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP5 (SUSE Real Time Module), 15 SP4 (SUSE Real Time Module), от 5.12 до 5.15.133 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.56 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.6 https://git.kernel.org/linus/75ad80ed88a182ab2ad5513e448cf07b403af5c3 https://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40 https://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48 https://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3 https://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9 https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/ https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/T/#u Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2023-52580.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2023-52580 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Astra Linux: - обновить пакет linux-5.15 до 5.15.0-111.astra2+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 - обновить пакет linux-6.1 до 6.1.90-1.astra3+ci20 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 1.6 «Смоленск»:: обновить пакет linux-5.15 до 5.15.0-111.astra2+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 Для Astra Linux Special Edition 4.7 для архитектуры ARM: - обновить пакет linux-5.15 до 5.15.0-111.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 - обновить пакет linux-6.1 до 6.1.90-1.astra3+ci156 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

Reference

http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52580 https://git.kernel.org/linus/75ad80ed88a182ab2ad5513e448cf07b403af5c3 https://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40 https://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48 https://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3 https://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.56 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.6 https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/ https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/T/#u https://security-tracker.debian.org/tracker/CVE-2023-52580 https://vuldb.com/ru/?id.255525 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://www.cve.org/CVERecord?id=CVE-2023-52580 https://www.suse.com/security/cve/CVE-2023-52580.html

CWE

CWE-131, CWE-404

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 15 SP4 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Desktop), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 4.7 (Astra Linux Special Edition), 5.3 (SUSE Linux Enterprise Micro), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Module for SAP Applications), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP5 (SUSE Linux Enterprise Module for Development Tools), 15 SP5 (SUSE Linux Enterprise Module for Public Cloud), 15 SP4 (SUSE Linux Enterprise Real Time), 15 SP5 (SUSE Linux Enterprise Real Time), 5.4 (SUSE Linux Enterprise Micro), \u043e\u0442 6.2 \u0434\u043e 6.5.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.16 \u0434\u043e 6.1.55 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 15 SP5 (SUSE Linux Enterprise Module for SAP Applications), 5.5 (SUSE Linux Enterprise Micro), 15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP5 (SUSE Real Time Module), 15 SP4 (SUSE Real Time Module), \u043e\u0442 5.12 \u0434\u043e 5.15.133 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.56\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.6\nhttps://git.kernel.org/linus/75ad80ed88a182ab2ad5513e448cf07b403af5c3\nhttps://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40\nhttps://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48\nhttps://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3\nhttps://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9\nhttps://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/\nhttps://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/T/#u\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2023-52580.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-52580\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-111.astra2+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.90-1.astra3+ci20 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb::\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-111.astra2+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-111.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.90-1.astra3+ci156 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.12.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.03.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01805",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-52580",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Suse Linux Enterprise Server, Suse Linux Enterprise Desktop, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Micro, SUSE Linux Enterprise Module for SAP Applications, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Real Time, Linux, SUSE Real Time Module",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , Novell Inc. SUSE Linux Enterprise Real Time 15 SP4 , Novell Inc. SUSE Linux Enterprise Real Time 15 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.2 \u0434\u043e 6.5.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16 \u0434\u043e 6.1.55 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.12 \u0434\u043e 5.15.133 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 __skb_flow_dissect() \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-131), \u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 __skb_flow_dissect() \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 net/core/flow_dissector.c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52580\nhttps://git.kernel.org/linus/75ad80ed88a182ab2ad5513e448cf07b403af5c3\nhttps://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40\nhttps://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48\nhttps://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3\nhttps://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.56\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.6\nhttps://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/\nhttps://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/T/#u\nhttps://security-tracker.debian.org/tracker/CVE-2023-52580\nhttps://vuldb.com/ru/?id.255525\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://www.cve.org/CVERecord?id=CVE-2023-52580\nhttps://www.suse.com/security/cve/CVE-2023-52580.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-131, CWE-404",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}

CVE-2023-52580 (GCVE-0-2023-52580)

Vulnerability from cvelistv5 – Published: 2024-03-02 21:59 – Updated: 2026-05-11 19:29

Title

net/core: Fix ETH_P_1588 flow dissector

Summary

In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation is wrong. For example: hdr->message_length takes the wrong value (0xffff) and it does not replicate real header length. In this case, 'nhoff' value was overridden and the PTP header was badly dissected. This leads to a kernel crash. net/core: flow_dissector net/core flow dissector nhoff = 0x0000000e net/core flow dissector hdr->message_length = 0x0000ffff net/core flow dissector nhoff = 0x0001000d (u16 overflow) ... skb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 skb frag: 00000000: f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Using the size of the ptp_header struct will allow the corrected calculation of the nhoff value. net/core flow dissector nhoff = 0x0000000e net/core flow dissector nhoff = 0x00000030 (sizeof ptp_header) ... skb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 f7 ff ff skb linear: 00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff skb linear: 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff skb frag: 00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Kernel trace: [ 74.984279] ------------[ cut here ]------------ [ 74.989471] kernel BUG at include/linux/skbuff.h:2440! [ 74.995237] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 75.001098] CPU: 4 PID: 0 Comm: swapper/4 Tainted: G U 5.15.85-intel-ese-standard-lts #1 [ 75.011629] Hardware name: Intel Corporation A-Island (CPU:AlderLake)/A-Island (ID:06), BIOS SB_ADLP.01.01.00.01.03.008.D-6A9D9E73-dirty Mar 30 2023 [ 75.026507] RIP: 0010:eth_type_trans+0xd0/0x130 [ 75.031594] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab <0f> 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9 [ 75.052612] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297 [ 75.058473] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003 [ 75.066462] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300 [ 75.074458] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800 [ 75.082466] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010 [ 75.090461] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800 [ 75.098464] FS: 0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000 [ 75.107530] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.113982] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0 [ 75.121980] PKRU: 55555554 [ 75.125035] Call Trace: [ 75.127792] <IRQ> [ 75.130063] ? eth_get_headlen+0xa4/0xc0 [ 75.134472] igc_process_skb_fields+0xcd/0x150 [ 75.139461] igc_poll+0xc80/0x17b0 [ 75.143272] __napi_poll+0x27/0x170 [ 75.147192] net_rx_action+0x234/0x280 [ 75.151409] __do_softirq+0xef/0x2f4 [ 75.155424] irq_exit_rcu+0xc7/0x110 [ 75.159432] common_interrupt+0xb8/0xd0 [ 75.163748] </IRQ> [ 75.166112] <TASK> [ 75.168473] asm_common_interrupt+0x22/0x40 [ 75.173175] RIP: 0010:cpuidle_enter_state+0xe2/0x350 [ 75.178749] Code: 85 c0 0f 8f 04 02 00 00 31 ff e8 39 6c 67 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 50 02 00 00 31 ff e8 52 b0 6d ff fb 45 85 f6 <0f> 88 b1 00 00 00 49 63 ce 4c 2b 2c 24 48 89 c8 48 6b d1 68 48 c1 [ 75.199757] RSP: 0018:ffff9948c013bea8 EFLAGS: 00000202 [ 75.205614] RAX: ffff8e4e8fb00000 RBX: ffffb948bfd23900 RCX: 000000000000001f [ 75.213619] RDX: 0000000000000004 RSI: ffffffff94206161 RDI: ffffffff94212e20 [ 75.221620] RBP: 0000000000000004 R08: 000000117568973a R09: 0000000000000001 [ 75.229622] R10: 000000000000afc8 R11: ffff8e4e8fb29ce4 R12: ffffffff945ae980 [ 75.237628] R13: 000000117568973a R14: 0000000000000004 R15: 0000000000000000 [ 75.245635] ? ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/f90a7b9586d72f907…
https://git.kernel.org/stable/c/488ea2a3e2666022f…
https://git.kernel.org/stable/c/48e105a2a1a10adc2…
https://git.kernel.org/stable/c/75ad80ed88a182ab2…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6 , < f90a7b9586d72f907092078a9f394733ca502cc9 (git) Affected: 4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6 , < 488ea2a3e2666022f79abfdd7d12e8305fc27a40 (git) Affected: 4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6 , < 48e105a2a1a10adc21c0ae717969f5e8e990ba48 (git) Affected: 4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6 , < 75ad80ed88a182ab2ad5513e448cf07b403af5c3 (git)
Linux	Linux	Affected: 5.12 Unaffected: 0 , < 5.12 (semver) Unaffected: 5.15.134 , ≤ 5.15.* (semver) Unaffected: 6.1.56 , ≤ 6.1.* (semver) Unaffected: 6.5.6 , ≤ 6.5.* (semver) Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52580",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T15:52:44.572506Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:35.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/flow_dissector.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f90a7b9586d72f907092078a9f394733ca502cc9",
              "status": "affected",
              "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6",
              "versionType": "git"
            },
            {
              "lessThan": "488ea2a3e2666022f79abfdd7d12e8305fc27a40",
              "status": "affected",
              "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6",
              "versionType": "git"
            },
            {
              "lessThan": "48e105a2a1a10adc21c0ae717969f5e8e990ba48",
              "status": "affected",
              "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6",
              "versionType": "git"
            },
            {
              "lessThan": "75ad80ed88a182ab2ad5513e448cf07b403af5c3",
              "status": "affected",
              "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/flow_dissector.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.134",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.56",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.6",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/core: Fix ETH_P_1588 flow dissector\n\nWhen a PTP ethernet raw frame with a size of more than 256 bytes followed\nby a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation\nis wrong. For example: hdr-\u003emessage_length takes the wrong value (0xffff)\nand it does not replicate real header length. In this case, \u0027nhoff\u0027 value\nwas overridden and the PTP header was badly dissected. This leads to a\nkernel crash.\n\nnet/core: flow_dissector\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector hdr-\u003emessage_length = 0x0000ffff\nnet/core flow dissector nhoff = 0x0001000d (u16 overflow)\n...\nskb linear:   00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88\nskb frag:     00000000: f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nUsing the size of the ptp_header struct will allow the corrected\ncalculation of the nhoff value.\n\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector nhoff = 0x00000030 (sizeof ptp_header)\n...\nskb linear:   00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 f7 ff ff\nskb linear:   00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb linear:   00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb frag:     00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nKernel trace:\n[   74.984279] ------------[ cut here ]------------\n[   74.989471] kernel BUG at include/linux/skbuff.h:2440!\n[   74.995237] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[   75.001098] CPU: 4 PID: 0 Comm: swapper/4 Tainted: G     U            5.15.85-intel-ese-standard-lts #1\n[   75.011629] Hardware name: Intel Corporation A-Island (CPU:AlderLake)/A-Island (ID:06), BIOS SB_ADLP.01.01.00.01.03.008.D-6A9D9E73-dirty Mar 30 2023\n[   75.026507] RIP: 0010:eth_type_trans+0xd0/0x130\n[   75.031594] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab \u003c0f\u003e 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9\n[   75.052612] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297\n[   75.058473] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003\n[   75.066462] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300\n[   75.074458] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800\n[   75.082466] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010\n[   75.090461] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800\n[   75.098464] FS:  0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000\n[   75.107530] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   75.113982] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0\n[   75.121980] PKRU: 55555554\n[   75.125035] Call Trace:\n[   75.127792]  \u003cIRQ\u003e\n[   75.130063]  ? eth_get_headlen+0xa4/0xc0\n[   75.134472]  igc_process_skb_fields+0xcd/0x150\n[   75.139461]  igc_poll+0xc80/0x17b0\n[   75.143272]  __napi_poll+0x27/0x170\n[   75.147192]  net_rx_action+0x234/0x280\n[   75.151409]  __do_softirq+0xef/0x2f4\n[   75.155424]  irq_exit_rcu+0xc7/0x110\n[   75.159432]  common_interrupt+0xb8/0xd0\n[   75.163748]  \u003c/IRQ\u003e\n[   75.166112]  \u003cTASK\u003e\n[   75.168473]  asm_common_interrupt+0x22/0x40\n[   75.173175] RIP: 0010:cpuidle_enter_state+0xe2/0x350\n[   75.178749] Code: 85 c0 0f 8f 04 02 00 00 31 ff e8 39 6c 67 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 50 02 00 00 31 ff e8 52 b0 6d ff fb 45 85 f6 \u003c0f\u003e 88 b1 00 00 00 49 63 ce 4c 2b 2c 24 48 89 c8 48 6b d1 68 48 c1\n[   75.199757] RSP: 0018:ffff9948c013bea8 EFLAGS: 00000202\n[   75.205614] RAX: ffff8e4e8fb00000 RBX: ffffb948bfd23900 RCX: 000000000000001f\n[   75.213619] RDX: 0000000000000004 RSI: ffffffff94206161 RDI: ffffffff94212e20\n[   75.221620] RBP: 0000000000000004 R08: 000000117568973a R09: 0000000000000001\n[   75.229622] R10: 000000000000afc8 R11: ffff8e4e8fb29ce4 R12: ffffffff945ae980\n[   75.237628] R13: 000000117568973a R14: 0000000000000004 R15: 0000000000000000\n[   75.245635]  ? \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:29:39.001Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40"
        },
        {
          "url": "https://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48"
        },
        {
          "url": "https://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3"
        }
      ],
      "title": "net/core: Fix ETH_P_1588 flow dissector",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52580",
    "datePublished": "2024-03-02T21:59:47.231Z",
    "dateReserved": "2024-03-02T21:55:42.569Z",
    "dateUpdated": "2026-05-11T19:29:39.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-01805

CVE-2023-52580 (GCVE-0-2023-52580)

Tags

Sightings

Nomenclature