{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T08:45:00.075","vulnerabilities":[{"cve":{"id":"CVE-2023-52566","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-03-02T22:15:49.023","lastModified":"2025-04-08T15:08:55.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential use after free in nilfs_gccache_submit_read_data()\n\nIn nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the\nreference count of bh when the call to nilfs_dat_translate() fails.  If\nthe reference count hits 0 and its owner page gets unlocked, bh may be\nfreed.  However, bh->b_page is dereferenced to put the page after that,\nwhich may result in a use-after-free bug.  This patch moves the release\noperation after unlocking and putting the page.\n\nNOTE: The function in question is only called in GC, and in combination\nwith current userland tools, address translation using DAT does not occur\nin that function, so the code path that causes this issue will not be\nexecuted.  However, it is possible to run that code path by intentionally\nmodifying the userland GC library or by calling the GC ioctl directly.\n\n[konishi.ryusuke@gmail.com: NOTE added to the commit log]"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: soluciona el uso potencial después de liberar en nilfs_gccache_submit_read_data() En nilfs_gccache_submit_read_data(), se llama a brelse(bh) para eliminar el recuento de referencias de bh cuando falla la llamada a nilfs_dat_translate(). Si el recuento de referencias llega a 0 y la página del propietario se desbloquea, es posible que bh quede liberado. Sin embargo, se elimina la referencia a bh->b_page para colocar la página después de eso, lo que puede provocar un error de Use After Free. Este parche mueve la operación de lanzamiento después de desbloquear y poner la página. NOTA: La función en cuestión solo se llama en GC y, en combinación con las herramientas actuales del usuario, la traducción de direcciones usando DAT no ocurre en esa función, por lo que la ruta del código que causa este problema no se ejecutará. Sin embargo, es posible ejecutar esa ruta de código modificando intencionalmente la librería GC del área de usuario o llamando directamente al GC ioctl. [konishi.ryusuke@gmail.com: NOTA agregada al registro de confirmación]"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"4.14.327","matchCriteriaId":"B58818EF-4D8C-46CE-8E39-5297CF2BD101"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.296","matchCriteriaId":"78DAD65C-4893-461B-91B2-F4E7C212F140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.258","matchCriteriaId":"1208C905-CEAA-49F2-B357-72A5185B2656"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.198","matchCriteriaId":"66D916C3-4087-44FF-9CD9-D2826BCC9E3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.134","matchCriteriaId":"346A7B1E-5048-460C-9640-5EFA2075158B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.56","matchCriteriaId":"5EA89569-DD45-4A69-BB4D-8356FA9386BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.5.6","matchCriteriaId":"870FC772-173A-4A0F-B1AF-7976AD6057D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*","matchCriteriaId":"84267A4F-DBC2-444F-B41D-69E15E1BEC97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*","matchCriteriaId":"FB440208-241C-4246-9A83-C1715C0DAA6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*","matchCriteriaId":"0DC421F1-3D5A-4BEF-BF76-4E468985D20B"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/193b5a1c6c67c36b430989dc063fe7ea4e200a33","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/28df4646ad8b433340772edc90ca709cdefc53e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3936e8714907cd55e37c7cc50e50229e4a9042e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7130a87ca32396eb9bf48b71a2d42259ae44c6c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ee29facd8a9c5a26079148e36bcf07141b3a6bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/980663f1d189eedafd18d80053d9cf3e2ceb5c8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb61224f6abc8e71bfdf06d7c984e23460875f5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb1084e63ee56958b0a56e17a50a4fd86445b9c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/193b5a1c6c67c36b430989dc063fe7ea4e200a33","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/28df4646ad8b433340772edc90ca709cdefc53e2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3936e8714907cd55e37c7cc50e50229e4a9042e8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7130a87ca32396eb9bf48b71a2d42259ae44c6c7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ee29facd8a9c5a26079148e36bcf07141b3a6bc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/980663f1d189eedafd18d80053d9cf3e2ceb5c8c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb61224f6abc8e71bfdf06d7c984e23460875f5b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb1084e63ee56958b0a56e17a50a4fd86445b9c1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}