{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/vex/2023/cve-2023-52922-els_os-centos8_5els.json" } ], "title": "Security update on CVE-2023-52922", "tracking": { "current_release_date": "2025-12-23T22:15:38Z", "generator": { "date": "2025-12-23T22:15:38Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-52922-ELS_OS-CENTOS8.5ELS", "initial_release_date": "2023-01-01T00:00:00Z", "revision_history": [ { "date": "2023-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-05-19T21:09:54Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T22:15:38Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.5", "product": { "name": "Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-internal@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-cross-headers@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-52922", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncan: bcm: Fix UAF in bcm_proc_show()\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n\ndump_stack_lvl+0xd5/0x150\nprint_report+0xc1/0x5e0\nkasan_report+0xba/0xf0\nbcm_proc_show+0x969/0xa80\nseq_read_iter+0x4f6/0x1260\nseq_read+0x165/0x210\nproc_reg_read+0x227/0x300\nvfs_read+0x1d5/0x8d0\nksys_read+0x11e/0x240\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nAllocated by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\n__kasan_kmalloc+0x9e/0xa0\nbcm_sendmsg+0x264b/0x44e0\nsock_sendmsg+0xda/0x180\n____sys_sendmsg+0x735/0x920\n___sys_sendmsg+0x11d/0x1b0\n__sys_sendmsg+0xfa/0x1d0\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\nkasan_save_free_info+0x27/0x40\n____kasan_slab_free+0x161/0x1c0\nslab_free_freelist_hook+0x119/0x220\n__kmem_cache_free+0xb4/0x2e0\nrcu_core+0x809/0x1bd0\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52922" } ], "release_date": "2024-11-28T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }