How severe is CVE-2023-52699?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-52699?

This is classified as CWE-667, which is a common weakness in software security.

CVE-2023-52699

MEDIUM Year: 2023

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-667

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock).

CVE-2021-47192

MEDIUM

CVSS:5.3(Medium)

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core:...

CWE-6672021

CVE-2022-31621

MEDIUM

CVSS:5.3(Medium)

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the ...

CWE-6672022

CVE-2022-48634

MEDIUM

CVSS:5.3(Medium)

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock w...

CWE-6672022

CVE-2023-3750

MEDIUM

CVSS:5.3(Medium)

A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same ob...

CWE-6672023

CVE-2024-32648

MEDIUM

CVSS:5.3(Medium)

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable produ...

CWE-6672024

CVE-2024-38582

MEDIUM

CVSS:5.3(Medium)

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called dur...

CWE-6672024

CVE-2023-52699

Vulnerability Description

Related Vulnerabilities

CVE-2021-47192

CVE-2022-31621

CVE-2022-48634

CVE-2023-3750

CVE-2024-32648

CVE-2024-38582