{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T03:19:00.129","vulnerabilities":[{"cve":{"id":"CVE-2023-52501","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-03-02T22:15:47.153","lastModified":"2025-01-13T18:45:17.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not attempt to read past \"commit\"\n\nWhen iterating over the ring buffer while the ring buffer is active, the\nwriter can corrupt the reader. There's barriers to help detect this and\nhandle it, but that code missed the case where the last event was at the\nvery end of the page and has only 4 bytes left.\n\nThe checks to detect the corruption by the writer to reads needs to see the\nlength of the event. If the length in the first 4 bytes is zero then the\nlength is stored in the second 4 bytes. But if the writer is in the process\nof updating that code, there's a small window where the length in the first\n4 bytes could be zero even though the length is only 4 bytes. That will\ncause rb_event_length() to read the next 4 bytes which could happen to be off the\nallocated page.\n\nTo protect against this, fail immediately if the next event pointer is\nless than 8 bytes from the end of the commit (last byte of data), as all\nevents must be a minimum of 8 bytes anyway."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ring-buffer: no intente leer más allá del \"commit\" Al iterar sobre el búfer de anillo mientras el búfer de anillo está activo, el escritor puede dañar al lector. Existen barreras para ayudar a detectar esto y manejarlo, pero ese código omitió el caso en el que el último evento estaba al final de la página y solo le quedan 4 bytes. Las comprobaciones para detectar la corrupción por parte del escritor en las lecturas deben ver la duración del evento. Si la longitud de los primeros 4 bytes es cero, entonces la longitud se almacena en los segundos 4 bytes. Pero si el escritor está en el proceso de actualizar ese código, hay una pequeña ventana donde la longitud de los primeros 4 bytes podría ser cero aunque la longitud sea solo de 4 bytes. Eso hará que rb_event_length() lea los siguientes 4 bytes que podrían estar fuera de la página asignada. Para protegerse contra esto, falle inmediatamente si el siguiente puntero de evento está a menos de 8 bytes del final de el commit (último byte de datos), ya que todos los eventos deben tener un mínimo de 8 bytes de todos modos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.198","matchCriteriaId":"71BA73D5-437E-41B7-8F92-323BFBC81366"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.134","matchCriteriaId":"346A7B1E-5048-460C-9640-5EFA2075158B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndIncluding":"6.1.56","matchCriteriaId":"9FAE4128-2CD2-4F26-B375-CDE6BD5EA6E5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndIncluding":"6.5.6","matchCriteriaId":"C35C10BA-926F-4355-90EA-5CC19F6AF792"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*","matchCriteriaId":"84267A4F-DBC2-444F-B41D-69E15E1BEC97"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/344f2f3e61a90f0150c754796ec9a17fcaeec03d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/75fc9e99b3a71006720ad1e029db11a4b5c32d4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95a404bd60af6c4d9d8db01ad14fe8957ece31ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b08a4938229dbb530a35c41b83002a1457c6ff49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cee5151c5410e868826b8afecfb356f3799ebea3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/344f2f3e61a90f0150c754796ec9a17fcaeec03d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/75fc9e99b3a71006720ad1e029db11a4b5c32d4a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95a404bd60af6c4d9d8db01ad14fe8957ece31ca","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b08a4938229dbb530a35c41b83002a1457c6ff49","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cee5151c5410e868826b8afecfb356f3799ebea3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}