How severe is CVE-2023-52872?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-52872?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2023-52872

MEDIUM Year: 2023

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data queues. This procedure, however, may cause subsequent changes of the virtual modem status lines of a DLCI. More data is being added the outgoing data queue and the deleted kick timer is restarted to handle this. At this point many resources have already been removed by the cleanup procedure. Thus, a kernel panic occurs. Fix this by proving in gsm_modem_update() that the cleanup procedure has not been started and the mux is still alive. Note that writing to a virtual tty is already protected by checks against the DLCI specific connection state.

CVE-2014-0196

MEDIUM

CVSS:5.5(Medium)

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial o...

CWE-3622014

CVE-2015-7550

MEDIUM

CVSS:5.5(Medium)

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereferen...

CWE-3622015

CVE-2016-7916

MEDIUM

CVSS:5.5(Medium)

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file d...

CWE-3622016

CVE-2017-14483

MEDIUM

CVSS:5.5(Medium)

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by lever...

CWE-3622017

CVE-2017-5427

MEDIUM

CVSS:5.5(Medium)

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced fi...

CWE-3622017

CVE-2017-5986

MEDIUM

CVSS:5.5(Medium)

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithre...

CWE-3622017

CVE-2023-52872

Vulnerability Description

Related Vulnerabilities

CVE-2014-0196

CVE-2015-7550

CVE-2016-7916

CVE-2017-14483

CVE-2017-5427

CVE-2017-5986