U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2023-52513 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the code handling the later TCP socket close, causing a NULL dereference crash in siw_cm_work_handler() when dereferencing a NULL listener. We now also cancel the useless MPA timeout, if immediate MPA request processing fails. This patch furthermore simplifies MPA processing in general: Scheduling a useless TCP socket read in sk_data_ready() upcall is now surpressed, if the socket is already moved out of TCP_ESTABLISHED state.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed
https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed
https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590
https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590
https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f
https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f
https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594
https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594
https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d
https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d
https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8
https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8

Weakness Enumeration

CWE-ID CWE Name Source

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-52513
NVD Published Date:
03/02/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org