FKIE_CVE-2023-52507

Vulnerability from fkie_nvd - Published: 2024-03-02 22:15 - Updated: 2025-01-13 18:51
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521daPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521daPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cbPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.6
linux linux_kernel 6.6
linux linux_kernel 6.6
linux linux_kernel 6.6
linux linux_kernel 6.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B7EED9-0518-4CBC-A94D-AD748663561C",
              "versionEndExcluding": "4.14.328",
              "versionStartIncluding": "3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02978144-891F-40EF-83B8-59063740AEF6",
              "versionEndExcluding": "4.19.297",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F46843-24C9-4AC7-B6BB-1EF101D05435",
              "versionEndExcluding": "5.4.259",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D886A8D-A6CD-44FA-ACF5-DD260ECA7A1B",
              "versionEndExcluding": "5.10.199",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FA5161-3AC0-44DF-B1F7-93A070F2B1E7",
              "versionEndExcluding": "5.15.136",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96EA633C-1F3E-41C5-A13A-155C55A1F273",
              "versionEndExcluding": "6.1.59",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D",
              "versionEndExcluding": "6.5.8",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: assert requested protocol is valid\n\nThe protocol is used in a bit mask to determine if the protocol is\nsupported. Assert the provided protocol is less than the maximum\ndefined so it doesn\u0027t potentially perform a shift-out-of-bounds and\nprovide a clearer error for undefined protocols vs unsupported ones."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: nci: afirmar que el protocolo solicitado es v\u00e1lido El protocolo se utiliza en una m\u00e1scara de bits para determinar si el protocolo es compatible. Afirme que el protocolo proporcionado es menor que el m\u00e1ximo definido para que no realice potencialmente un desplazamiento fuera de los l\u00edmites y proporcione un error m\u00e1s claro para los protocolos no definidos frente a los no compatibles."
    }
  ],
  "id": "CVE-2023-52507",
  "lastModified": "2025-01-13T18:51:41.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-02T22:15:47.443",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.