{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T18:37:55.284","vulnerabilities":[{"cve":{"id":"CVE-2023-52637","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-04-03T15:15:51.347","lastModified":"2025-01-07T17:22:33.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)\n\nLock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)\nmodifies jsk->filters while receiving packets.\n\nFollowing trace was seen on affected system:\n ==================================================================\n BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939]\n Read of size 4 at addr ffff888012144014 by task j1939\/350\n\n CPU: 0 PID: 350 Comm: j1939 Tainted: G        W  OE      6.5.0-rc5 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04\/01\/2014\n Call Trace:\n  print_report+0xd3\/0x620\n  ? kasan_complete_mode_report_info+0x7d\/0x200\n  ? j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939]\n  kasan_report+0xc2\/0x100\n  ? j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939]\n  __asan_load4+0x84\/0xb0\n  j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939]\n  j1939_sk_recv+0x20b\/0x320 [can_j1939]\n  ? __kasan_check_write+0x18\/0x20\n  ? __pfx_j1939_sk_recv+0x10\/0x10 [can_j1939]\n  ? j1939_simple_recv+0x69\/0x280 [can_j1939]\n  ? j1939_ac_recv+0x5e\/0x310 [can_j1939]\n  j1939_can_recv+0x43f\/0x580 [can_j1939]\n  ? __pfx_j1939_can_recv+0x10\/0x10 [can_j1939]\n  ? raw_rcv+0x42\/0x3c0 [can_raw]\n  ? __pfx_j1939_can_recv+0x10\/0x10 [can_j1939]\n  can_rcv_filter+0x11f\/0x350 [can]\n  can_receive+0x12f\/0x190 [can]\n  ? __pfx_can_rcv+0x10\/0x10 [can]\n  can_rcv+0xdd\/0x130 [can]\n  ? __pfx_can_rcv+0x10\/0x10 [can]\n  __netif_receive_skb_one_core+0x13d\/0x150\n  ? __pfx___netif_receive_skb_one_core+0x10\/0x10\n  ? __kasan_check_write+0x18\/0x20\n  ? _raw_spin_lock_irq+0x8c\/0xe0\n  __netif_receive_skb+0x23\/0xb0\n  process_backlog+0x107\/0x260\n  __napi_poll+0x69\/0x310\n  net_rx_action+0x2a1\/0x580\n  ? __pfx_net_rx_action+0x10\/0x10\n  ? __pfx__raw_spin_lock+0x10\/0x10\n  ? handle_irq_event+0x7d\/0xa0\n  __do_softirq+0xf3\/0x3f8\n  do_softirq+0x53\/0x80\n  <\/IRQ>\n  <TASK>\n  __local_bh_enable_ip+0x6e\/0x70\n  netif_rx+0x16b\/0x180\n  can_send+0x32b\/0x520 [can]\n  ? __pfx_can_send+0x10\/0x10 [can]\n  ? __check_object_size+0x299\/0x410\n  raw_sendmsg+0x572\/0x6d0 [can_raw]\n  ? __pfx_raw_sendmsg+0x10\/0x10 [can_raw]\n  ? apparmor_socket_sendmsg+0x2f\/0x40\n  ? __pfx_raw_sendmsg+0x10\/0x10 [can_raw]\n  sock_sendmsg+0xef\/0x100\n  sock_write_iter+0x162\/0x220\n  ? __pfx_sock_write_iter+0x10\/0x10\n  ? __rtnl_unlock+0x47\/0x80\n  ? security_file_permission+0x54\/0x320\n  vfs_write+0x6ba\/0x750\n  ? __pfx_vfs_write+0x10\/0x10\n  ? __fget_light+0x1ca\/0x1f0\n  ? __rcu_read_unlock+0x5b\/0x280\n  ksys_write+0x143\/0x170\n  ? __pfx_ksys_write+0x10\/0x10\n  ? __kasan_check_read+0x15\/0x20\n  ? fpregs_assert_state_consistent+0x62\/0x70\n  __x64_sys_write+0x47\/0x60\n  do_syscall_64+0x60\/0x90\n  ? do_syscall_64+0x6d\/0x90\n  ? irqentry_exit+0x3f\/0x50\n  ? exc_page_fault+0x79\/0xf0\n  entry_SYSCALL_64_after_hwframe+0x6e\/0xd8\n\n Allocated by task 348:\n  kasan_save_stack+0x2a\/0x50\n  kasan_set_track+0x29\/0x40\n  kasan_save_alloc_info+0x1f\/0x30\n  __kasan_kmalloc+0xb5\/0xc0\n  __kmalloc_node_track_caller+0x67\/0x160\n  j1939_sk_setsockopt+0x284\/0x450 [can_j1939]\n  __sys_setsockopt+0x15c\/0x2f0\n  __x64_sys_setsockopt+0x6b\/0x80\n  do_syscall_64+0x60\/0x90\n  entry_SYSCALL_64_after_hwframe+0x6e\/0xd8\n\n Freed by task 349:\n  kasan_save_stack+0x2a\/0x50\n  kasan_set_track+0x29\/0x40\n  kasan_save_free_info+0x2f\/0x50\n  __kasan_slab_free+0x12e\/0x1c0\n  __kmem_cache_free+0x1b9\/0x380\n  kfree+0x7a\/0x120\n  j1939_sk_setsockopt+0x3b2\/0x450 [can_j1939]\n  __sys_setsockopt+0x15c\/0x2f0\n  __x64_sys_setsockopt+0x6b\/0x80\n  do_syscall_64+0x60\/0x90\n  entry_SYSCALL_64_after_hwframe+0x6e\/0xd8"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: j1939: Reparar UAF en j1939_sk_match_filter durante setsockopt(SO_J1939_FILTER) Bloquear jsk-&gt;sk para evitar UAF cuando setsockopt(..., SO_J1939_FILTER, ...) modifica jsk-&gt; filtros mientras recibe paquetes. Se vio el siguiente rastro en el sistema afectado: ============================================ ======================== ERROR: KASAN: slab-use-after-free en j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939] Lectura de tamaño 4 en dirección ffff888012144014 por tarea j1939\/350 CPU: 0 PID: 350 Comm: j1939 Contaminado: GW OE 6.5.0-rc5 #1 Nombre de hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04\/ 01\/2014 Seguimiento de llamadas: print_report+0xd3\/0x620 ? kasan_complete_mode_report_info+0x7d\/0x200 ? j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939] kasan_report+0xc2\/0x100 ? j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939] __asan_load4+0x84\/0xb0 j1939_sk_recv_match_one+0x1af\/0x2d0 [can_j1939] j1939_sk_recv+0x20b\/0x320 [can_j1939] ? __kasan_check_write+0x18\/0x20? __pfx_j1939_sk_recv+0x10\/0x10 [can_j1939] ? j1939_simple_recv+0x69\/0x280 [can_j1939] ? j1939_ac_recv+0x5e\/0x310 [can_j1939] j1939_can_recv+0x43f\/0x580 [can_j1939] ? __pfx_j1939_can_recv+0x10\/0x10 [can_j1939] ? raw_rcv+0x42\/0x3c0 [puede_raw]? __pfx_j1939_can_recv+0x10\/0x10 [can_j1939] can_rcv_filter+0x11f\/0x350 [puede] can_receive+0x12f\/0x190 [puede]? __pfx_can_rcv+0x10\/0x10 [puede] can_rcv+0xdd\/0x130 [puede] ? __pfx_can_rcv+0x10\/0x10 [puede] __netif_receive_skb_one_core+0x13d\/0x150 ? __pfx___netif_receive_skb_one_core+0x10\/0x10 ? __kasan_check_write+0x18\/0x20? _raw_spin_lock_irq+0x8c\/0xe0 __netif_receive_skb+0x23\/0xb0 Process_backlog+0x107\/0x260 __napi_poll+0x69\/0x310 net_rx_action+0x2a1\/0x580 ? __pfx_net_rx_action+0x10\/0x10 ? __pfx__raw_spin_lock+0x10\/0x10? handle_irq_event+0x7d\/0xa0 __do_softirq+0xf3\/0x3f8 do_softirq+0x53\/0x80   __local_bh_enable_ip+0x6e\/0x70 netif_rx+0x16b\/0x180 can_send+0x32b\/0x520 [can] ? __pfx_can_send+0x10\/0x10 [puede]? __check_object_size+0x299\/0x410 raw_sendmsg+0x572\/0x6d0 [can_raw]? __pfx_raw_sendmsg+0x10\/0x10 [can_raw]? apparmor_socket_sendmsg+0x2f\/0x40? __pfx_raw_sendmsg+0x10\/0x10 [can_raw] sock_sendmsg+0xef\/0x100 sock_write_iter+0x162\/0x220 ? __pfx_sock_write_iter+0x10\/0x10? __rtnl_unlock+0x47\/0x80? permiso_archivo_seguridad+0x54\/0x320 vfs_write+0x6ba\/0x750 ? __pfx_vfs_write+0x10\/0x10? __fget_light+0x1ca\/0x1f0 ? __rcu_read_unlock+0x5b\/0x280 ksys_write+0x143\/0x170 ? __pfx_ksys_write+0x10\/0x10? __kasan_check_read+0x15\/0x20 ? fpregs_assert_state_consistent+0x62\/0x70 __x64_sys_write+0x47\/0x60 do_syscall_64+0x60\/0x90 ? do_syscall_64+0x6d\/0x90? irqentry_exit+0x3f\/0x50? exc_page_fault+0x79\/0xf0 Entry_SYSCALL_64_after_hwframe+0x6e\/0xd8 Asignado por la tarea 348: kasan_save_stack+0x2a\/0x50 kasan_set_track+0x29\/0x40 kasan_save_alloc_info+0x1f\/0x30 __kasan_kmalloc+0xb5\/0xc0 __kmalloc_node_track_caller+0x67\/0x160 j1939_sk_setsockopt+0x284\/0x450 [can_j1939] __sys_setsockopt+ 0x15c\/0x2f0 __x64_sys_setsockopt+0x6b\/0x80 do_syscall_64+0x60\/0x90 Entry_SYSCALL_64_after_hwframe+0x6e\/0xd8 Liberado por la tarea 349: kasan_save_stack+0x2a\/0x50 kasan_set_track+0x29\/0x40 ka san_save_free_info+0x2f\/0x50 __kasan_slab_free+0x12e\/0x1c0 __kmem_cache_free+0x1b9\/0x380 kfree+ 0x7a\/0x120 j1939_sk_setsockopt+0x3b2\/0x450 [can_j1939] __sys_setsockopt+0x15c\/0x2f0 __x64_sys_setsockopt+0x6b\/0x80 do_syscall_64+0x60\/0x90 Entry_SYSCALL_64_after_h wframe+0x6e\/0xd8"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.4.269","matchCriteriaId":"E2B90340-A8CC-4956-9F40-F37195011EC7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.210","matchCriteriaId":"F5CB4CA6-A9A0-4AFD-9102-8CF94D708170"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.149","matchCriteriaId":"0D0465BB-4053-4E15-9137-6696EBAE90FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.79","matchCriteriaId":"656E2F29-1779-4EFC-AA64-8F984E2885B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.18","matchCriteriaId":"BD961E49-FEDA-47CF-BF23-4D2BD942B4E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.7.6","matchCriteriaId":"C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*","matchCriteriaId":"B9F4EA73-0894-400F-A490-3A397AB7A517"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*","matchCriteriaId":"056BD938-0A27-4569-B391-30578B309EE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*","matchCriteriaId":"F02056A5-B362-4370-9FF8-6F0BD384D520"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*","matchCriteriaId":"62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https:\/\/git.kernel.org\/stable\/c\/08de58abedf6e69396e1207e4f99ef8904b2b532","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/41ccb5bcbf03f02d820bc6ea8390811859f558f8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/978e50ef8c38dc71bd14d1b0143d554ff5d188ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/efe7cf828039aedb297c1f9920b638fffee6aabc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/f84e7534457dcd7835be743517c35378bb4e7c50","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/fc74b9cb789cae061bbca7b203a3842e059f6b5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/08de58abedf6e69396e1207e4f99ef8904b2b532","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/41ccb5bcbf03f02d820bc6ea8390811859f558f8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/978e50ef8c38dc71bd14d1b0143d554ff5d188ba","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/efe7cf828039aedb297c1f9920b638fffee6aabc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/f84e7534457dcd7835be743517c35378bb4e7c50","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/fc74b9cb789cae061bbca7b203a3842e059f6b5d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2024\/06\/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}}]}