🛡️ UBUNTU-CVE-2023-52845
⚪ Unknown ✅ No Known Exploit OSV
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline] BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [inline] strstr+0xb8/0x2f0 lib/string.c:756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline] genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd TIPC bearer-related names including link names must be null-terminated strings. If a link name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This causes the above issue. This patch changes the nla_policy for bearer-related names from NLA_STRING to NLA_NUL_STRING. This resolves the issue by ensuring that only null-terminated strings are accepted as bearer-related names. syzbot reported similar uninit-value issue related to bearer names [2]. The root cause of this issue is that a non-null-terminated bearer name was passed. This patch also resolved this issue.

Details

Severity Unknown
CVSS Score N/A
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE N/A
Public Exploit ✅ No
Source OSV
Published 2024-05-21
Updated 2026-06-15
Modified 2026-06-04
Fix URL N/A

Affected Packages

Software From version Fixed in
linux 5.15.0-100.110
linux-allwinner-5.19
linux-aws 5.15.0-1056.61
linux-aws-5.0
linux-aws-5.11
linux-aws-5.13
linux-aws-5.15 5.15.0-1056.61~20.04.1
linux-aws-5.19
linux-aws-5.3
linux-aws-5.4 5.4.0-1120.130~18.04.1
linux-aws-5.8
linux-aws-6.2
linux-aws-6.5
linux-aws-fips 5.15.0-1056.61+fips1
linux-aws-hwe
linux-azure 5.15.0-1058.66
linux-azure-4.15
linux-azure-5.11
linux-azure-5.13
linux-azure-5.15 5.15.0-1058.66~20.04.2
linux-azure-5.19
linux-azure-5.3
linux-azure-5.4 5.4.0-1126.133~18.04.1
linux-azure-5.8
linux-azure-6.2
linux-azure-6.5
linux-azure-edge
linux-azure-fde
linux-azure-fde-5.19
linux-azure-fde-6.2
linux-azure-fde-6.8
linux-azure-fips
linux-bluefield
linux-fips 5.15.0-100.110+fips1
linux-gcp 5.15.0-1053.61
linux-gcp-4.15
linux-gcp-5.11
linux-gcp-5.13
linux-gcp-5.15 5.15.0-1053.61~20.04.1
linux-gcp-5.19
linux-gcp-5.3
linux-gcp-5.4 5.4.0-1124.133~18.04.1
linux-gcp-5.8
linux-gcp-6.2
linux-gcp-6.5
linux-gcp-fips 5.15.0-1055.63+fips2
linux-gke 5.15.0-1052.57
linux-gke-4.15
linux-gke-5.15
linux-gke-5.4
linux-gkeop 5.15.0-1038.44
linux-gkeop-5.15 5.15.0-1038.44~20.04.1
linux-gkeop-5.4
linux-hwe
linux-hwe-5.11
linux-hwe-5.13
linux-hwe-5.15 5.15.0-100.110~20.04.1
linux-hwe-5.19
linux-hwe-5.4 5.4.0-173.191~18.04.1
linux-hwe-5.8
linux-hwe-6.2
linux-hwe-6.5
linux-hwe-edge
linux-ibm 5.15.0-1048.51
linux-ibm-5.15 5.15.0-1048.51~20.04.1
linux-ibm-5.4 5.4.0-1067.72~18.04.1
linux-intel-5.13
linux-intel-iot-realtime 5.15.0-1048.50
linux-intel-iotg 5.15.0-1050.56
linux-intel-iotg-5.15 5.15.0-1050.56~20.04.1
linux-iot 5.4.0-1032.33
linux-kvm 5.15.0-1052.57
linux-lowlatency 5.15.0-100.110
linux-lowlatency-hwe-5.15 5.15.0-100.110~20.04.1
linux-lowlatency-hwe-5.19
linux-lowlatency-hwe-6.2
linux-lowlatency-hwe-6.5
linux-lts-xenial
linux-nvidia 5.15.0-1046.46
linux-nvidia-6.2
linux-nvidia-6.5 6.5.0-1014.14
linux-nvidia-tegra 5.15.0-1025.25
linux-nvidia-tegra-5.15 5.15.0-1025.25~20.04.1
linux-nvidia-tegra-igx 5.15.0-1012.12
linux-oem
linux-oem-5.10
linux-oem-5.13
linux-oem-5.14
linux-oem-5.17
linux-oem-5.6
linux-oem-6.0
linux-oem-6.1
linux-oem-6.5
linux-oracle 5.15.0-1053.59
linux-oracle-5.0
linux-oracle-5.11
linux-oracle-5.13
linux-oracle-5.15 5.15.0-1053.59~20.04.1
linux-oracle-5.3
linux-oracle-5.4 5.4.0-1119.128~18.04.1
linux-oracle-5.8
linux-oracle-6.5
linux-raspi 5.15.0-1048.51
linux-raspi-5.4 5.4.0-1104.116~18.04.1
linux-raspi-realtime
linux-raspi2
linux-realtime 5.15.0-1056.63
linux-riscv
linux-riscv-5.11
linux-riscv-5.15 5.15.0-1051.55~20.04.1
linux-riscv-5.19
linux-riscv-5.8
linux-riscv-6.5
linux-starfive-5.19
linux-starfive-6.2
linux-starfive-6.5
linux-xilinx-zynqmp 5.15.0-1030.34

References

Similar Threats

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.