csaf_certbund - wid-sec-w-2024-1251

WID-SEC-W-2024-1251

Vulnerability from csaf_certbund - Published: 2024-05-28 22:00 - Updated: 2025-06-09 22:00

Summary

Linux Kernel: Schwachstelle ermöglicht nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1251 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1251.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1251 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1251"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2023-52881 vom 2024-05-29",
        "url": "http://lore.kernel.org/linux-cve-announce/2024052941-CVE-2023-52881-4283@gregkh/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4211 vom 2024-07-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:4211"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4211.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2365-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018897.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2362-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018905.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2384-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018921.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
        "url": "https://access.redhat.com/errata/RHSA-2024:4321"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2385-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018920.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4211"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2495-1 vom 2024-07-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018982.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:4631"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2895-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019186.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5281 vom 2024-08-13",
        "url": "https://access.redhat.com/errata/RHSA-2024:5281"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2939-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019211.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2973-1 vom 2024-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019280.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12606 vom 2024-09-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12606.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2024-0011 vom 2024-09-04",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2024-September/001099.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167662 vom 2024-09-05",
        "url": "https://www.ibm.com/support/pages/node/7167662"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7169778 vom 2024-09-24",
        "url": "https://www.ibm.com/support/pages/node/7169778"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
        "url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000148479 vom 2024-11-12",
        "url": "https://my.f5.com/manage/s/article/K000148479"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3986-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CIC23R3UQSPF2K4P2CX54TPCX5T7KWQG/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3983-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QUOFKELDJYP3JMHIXPCVKVI4REVXAKTX/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3985-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KB6DG7QR5KXDQRV57H4IY2TB2LW42K4S/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3984-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/L52VEDNTEHWEPR56WZN4KZNMEUYGCJX6/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4081-1 vom 2024-11-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019852.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4082-1 vom 2024-11-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019851.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4100-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019864.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4103-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019863.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4140-1 vom 2024-12-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019890.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4131-1 vom 2024-12-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019887.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10772 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10772"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10773 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10773"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7178687 vom 2024-12-12",
        "url": "https://www.ibm.com/support/pages/node/7178687"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4318-1 vom 2024-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4364-1 vom 2024-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4387-1 vom 2024-12-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020032.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0034-1 vom 2025-01-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020071.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7181929 vom 2025-02-12",
        "url": "https://www.ibm.com/support/pages/node/7181929"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20247-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021076.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20246-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021078.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20164-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021175.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20163-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021187.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20008-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021403.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20028-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021386.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7236043 vom 2025-06-09",
        "url": "https://www.ibm.com/support/pages/node/7236043"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Schwachstelle erm\u00f6glicht nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2025-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-10T08:22:42.685+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-1251",
      "initial_release_date": "2024-05-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-07T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-22T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-08-15T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-19T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-02T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-09-04T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-13T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-27T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-28T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-02T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-03T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-12T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-12-15T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-17T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-08T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-02-11T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-06-03T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-06-09T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "33"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "17.1.0-17.1.1",
                "product": {
                  "name": "F5 BIG-IP 17.1.0-17.1.1",
                  "product_id": "T034899",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:17.1.0_-_17.1.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.1.0-15.1.10",
                "product": {
                  "name": "F5 BIG-IP 15.1.0-15.1.10",
                  "product_id": "T034902",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:15.1.0_-_15.1.10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.1.0-16.1.5",
                "product": {
                  "name": "F5 BIG-IP 16.1.0-16.1.5",
                  "product_id": "T037028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:16.1.0_-_16.1.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIG-IP"
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "24.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0",
                  "product_id": "T036570",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.5.0.14",
                "product": {
                  "name": "IBM DataPower Gateway \u003c10.5.0.14",
                  "product_id": "T038875"
                }
              },
              {
                "category": "product_version",
                "name": "10.5.0.14",
                "product": {
                  "name": "IBM DataPower Gateway 10.5.0.14",
                  "product_id": "T038875-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.6.0.2",
                "product": {
                  "name": "IBM DataPower Gateway \u003c10.6.0.2",
                  "product_id": "T038876"
                }
              },
              {
                "category": "product_version",
                "name": "10.6.0.2",
                "product": {
                  "name": "IBM DataPower Gateway 10.6.0.2",
                  "product_id": "T038876-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DataPower Gateway"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V9000",
                "product": {
                  "name": "IBM FlashSystem V9000",
                  "product_id": "T026925",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:v9000"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9500",
                "product": {
                  "name": "IBM FlashSystem 9500",
                  "product_id": "T026926",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:9500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9100 Family",
                "product": {
                  "name": "IBM FlashSystem 9100 Family",
                  "product_id": "T026927",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:9100_family"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9200",
                "product": {
                  "name": "IBM FlashSystem 9200",
                  "product_id": "T026928",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:9200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7300",
                "product": {
                  "name": "IBM FlashSystem 7300",
                  "product_id": "T026929",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:7300"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7200",
                "product": {
                  "name": "IBM FlashSystem 7200",
                  "product_id": "T026930",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:7200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5200",
                "product": {
                  "name": "IBM FlashSystem 5200",
                  "product_id": "T026931",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:5200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5000",
                "product": {
                  "name": "IBM FlashSystem 5000",
                  "product_id": "T026932",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:5000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FlashSystem"
          },
          {
            "category": "product_name",
            "name": "IBM SAN Volume Controller",
            "product": {
              "name": "IBM SAN Volume Controller",
              "product_id": "T020642",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:san_volume_controller:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.16.3",
                "product": {
                  "name": "IBM Spectrum Protect Plus \u003c10.1.16.3",
                  "product_id": "T037795"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.16.3",
                "product": {
                  "name": "IBM Spectrum Protect Plus 10.1.16.3",
                  "product_id": "T037795-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spectrum Protect Plus"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.1.9.4",
                "product": {
                  "name": "IBM Storage Scale System 6.1.9.4",
                  "product_id": "T044418",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:ibm:storage_scale_system:6.1.9.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.2.1.1",
                "product": {
                  "name": "IBM Storage Scale System 6.2.1.1",
                  "product_id": "T044419",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:ibm:storage_scale_system:6.2.1.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V5100",
                "product": {
                  "name": "IBM Storwize V5100",
                  "product_id": "T020638",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v5100"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "V5000",
                "product": {
                  "name": "IBM Storwize V5000",
                  "product_id": "T020639",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v5000"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "V5000E",
                "product": {
                  "name": "IBM Storwize V5000E",
                  "product_id": "T026924",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v5000e"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "V7000",
                "product": {
                  "name": "IBM Storwize V7000",
                  "product_id": "T041141",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v7000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storwize"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.10.204",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.10.204",
                  "product_id": "1549699"
                }
              },
              {
                "category": "product_version",
                "name": "5.10.204",
                "product": {
                  "name": "Open Source Linux Kernel 5.10.204",
                  "product_id": "1549699-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.10.204"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.15.143",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.15.143",
                  "product_id": "1549728"
                }
              },
              {
                "category": "product_version",
                "name": "5.15.143",
                "product": {
                  "name": "Open Source Linux Kernel 5.15.143",
                  "product_id": "1549728-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.15.143"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.68",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.1.68",
                  "product_id": "1549758"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.68",
                "product": {
                  "name": "Open Source Linux Kernel 6.1.68",
                  "product_id": "1549758-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.1.68"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.6.7",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.6.7",
                  "product_id": "1549760"
                }
              },
              {
                "category": "product_version",
                "name": "6.6.7",
                "product": {
                  "name": "Open Source Linux Kernel 6.6.7",
                  "product_id": "1549760-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.6.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.4.264",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.4.264",
                  "product_id": "1587047"
                }
              },
              {
                "category": "product_version",
                "name": "5.4.264",
                "product": {
                  "name": "Open Source Linux Kernel 5.4.264",
                  "product_id": "1587047-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.4.264"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.19.302",
                "product": {
                  "name": "Open Source Linux Kernel \u003c4.19.302",
                  "product_id": "1587069"
                }
              },
              {
                "category": "product_version",
                "name": "4.19.302",
                "product": {
                  "name": "Open Source Linux Kernel 4.19.302",
                  "product_id": "1587069-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:4.19.302"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.7",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.7",
                  "product_id": "T033079"
                }
              },
              {
                "category": "product_version",
                "name": "6.7",
                "product": {
                  "name": "Open Source Linux Kernel 6.7",
                  "product_id": "T033079-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.14.333",
                "product": {
                  "name": "Open Source Linux Kernel \u003c4.14.333",
                  "product_id": "T035101"
                }
              },
              {
                "category": "product_version",
                "name": "4.14.333",
                "product": {
                  "name": "Open Source Linux Kernel 4.14.333",
                  "product_id": "T035101-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:4.14.333"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52881",
      "product_status": {
        "known_affected": [
          "1587047",
          "1587069",
          "67646",
          "T034902",
          "T020639",
          "T020638",
          "T004914",
          "T033079",
          "1549728",
          "T037795",
          "T026927",
          "T020642",
          "T026928",
          "1549760",
          "T026925",
          "T041141",
          "T026926",
          "T026924",
          "T044418",
          "T034899",
          "T038875",
          "1549758",
          "T044419",
          "T037028",
          "T038876",
          "T032255",
          "T026929",
          "T035101",
          "T036570",
          "T002207",
          "1549699",
          "T026932",
          "T026930",
          "T026931"
        ]
      },
      "release_date": "2024-05-28T22:00:00.000+00:00",
      "title": "CVE-2023-52881"
    }
  ]
}

CVE-2023-52881 (GCVE-0-2023-52881)

Vulnerability from cvelistv5 – Published: 2024-05-29 10:15 – Updated: 2025-05-04 12:49

Title

tcp: do not accept ACK of bytes we never sent

Summary

In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The ACK value is considered acceptable only if it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT). All incoming segments whose ACK value doesn't satisfy the above condition MUST be discarded and an ACK sent back. It needs to be noted that RFC 793 on page 72 (fifth check) says: "If the ACK is a duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an ACK, drop the segment, and return". The "ignored" above implies that the processing of the incoming data segment continues, which means the ACK value is treated as acceptable. This mitigation makes the ACK check more stringent since any ACK < SND.UNA wouldn't be accepted, instead only ACKs that are in the range ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through. This can be refined for new (and possibly spoofed) flows, by not accepting ACK for bytes that were never sent. This greatly improves TCP security at a little cost. I added a Fixes: tag to make sure this patch will reach stable trees, even if the 'blamed' patch was adhering to the RFC. tp->bytes_acked was added in linux-4.2 Following packetdrill test (courtesy of Yepeng Pan) shows the issue at hand: 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1024) = 0 // ---------------- Handshake ------------------- // // when window scale is set to 14 the window size can be extended to // 65535 * (2^14) = 1073725440. Linux would accept an ACK packet // with ack number in (Server_ISN+1-1073725440. Server_ISN+1) // ,though this ack number acknowledges some data never // sent by the server. +0 < S 0:0(0) win 65535 <mss 1400,nop,wscale 14> +0 > S. 0:0(0) ack 1 <...> +0 < . 1:1(0) ack 1 win 65535 +0 accept(3, ..., ...) = 4 // For the established connection, we send an ACK packet, // the ack packet uses ack number 1 - 1073725300 + 2^32, // where 2^32 is used to wrap around. // Note: we used 1073725300 instead of 1073725440 to avoid possible // edge cases. // 1 - 1073725300 + 2^32 = 3221241997 // Oops, old kernels happily accept this packet. +0 < . 1:1001(1000) ack 3221241997 win 65535 // After the kernel fix the following will be replaced by a challenge ACK, // and prior malicious frame would be dropped. +0 > . 1:1(0) ack 1001

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/69eae75ca5255e876…
	https://git.kernel.org/stable/c/458f07ffeccd17f99…
	https://git.kernel.org/stable/c/7ffff0cc929fdfc62…
	https://git.kernel.org/stable/c/b17a886ed29f3b70b…
	https://git.kernel.org/stable/c/0d4e0afdd6658cd21…
	https://git.kernel.org/stable/c/008b807fe487e0b15…
	https://git.kernel.org/stable/c/2087d53a66e97a5eb…
	https://git.kernel.org/stable/c/3d501dd326fb1c73f…

Impacted products

Vendor

Product

Version

Linux

Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 69eae75ca5255e876628ac5cee9eaab31f644b57 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 458f07ffeccd17f99942311e09ef574ddf4a414a (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 7ffff0cc929fdfc62a74b384c4903d6496c910f0 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < b17a886ed29f3b70b78ccf632dad03e0c69e3c1a (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 0d4e0afdd6658cd21dd5be61880411a2553fd1fc (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 008b807fe487e0b15a3a6c39add4eb477f73e440 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 2087d53a66e97a5eb5d1bf558d5bef9e5f891757 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27 (git)
Affected: 8d15569e14cfcf9151e9e3b4c0cb98369943a2bb (git)
Affected: e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1 (git)
Affected: 2ee4432e82437a7c051c254b065fbf5d4581e1a3 (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 4.14.333 , ≤ 4.14.* (semver)
Unaffected: 4.19.302 , ≤ 4.19.* (semver)
Unaffected: 5.4.264 , ≤ 5.4.* (semver)
Unaffected: 5.10.204 , ≤ 5.10.* (semver)
Unaffected: 5.15.143 , ≤ 5.15.* (semver)
Unaffected: 6.1.68 , ≤ 6.1.* (semver)
Unaffected: 6.6.7 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T16:46:40.495686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T15:11:03.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "69eae75ca5255e876628ac5cee9eaab31f644b57",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "458f07ffeccd17f99942311e09ef574ddf4a414a",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "7ffff0cc929fdfc62a74b384c4903d6496c910f0",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "b17a886ed29f3b70b78ccf632dad03e0c69e3c1a",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "0d4e0afdd6658cd21dd5be61880411a2553fd1fc",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "008b807fe487e0b15a3a6c39add4eb477f73e440",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "2087d53a66e97a5eb5d1bf558d5bef9e5f891757",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "8d15569e14cfcf9151e9e3b4c0cb98369943a2bb",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2ee4432e82437a7c051c254b065fbf5d4581e1a3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.333",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.302",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.264",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.204",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.143",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.333",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.302",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.264",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.204",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.143",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.68",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.7",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.0.58",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.2.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.4.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n   The ACK value is considered acceptable only if\n   it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n   SND.NXT).  All incoming segments whose ACK value doesn\u0027t satisfy the\n   above condition MUST be discarded and an ACK sent back.  It needs to\n   be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n   duplicate (SEG.ACK \u003c SND.UNA), it can be ignored.  If the ACK\n   acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n   ACK, drop the segment, and return\".  The \"ignored\" above implies that\n   the processing of the incoming data segment continues, which means\n   the ACK value is treated as acceptable.  This mitigation makes the\n   ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n   accepted, instead only ACKs that are in the range ((SND.UNA -\n   MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:49:46.197Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
        },
        {
          "url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
        },
        {
          "url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
        }
      ],
      "title": "tcp: do not accept ACK of bytes we never sent",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52881",
    "datePublished": "2024-05-29T10:15:14.186Z",
    "dateReserved": "2024-05-21T15:35:00.781Z",
    "dateUpdated": "2025-05-04T12:49:46.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-1251

CVE-2023-52881 (GCVE-0-2023-52881)

Tags

Sightings

Nomenclature