CVE-2023-52989 (GCVE-0-2023-52989)
Vulnerability from cvelistv5
Published
2025-03-27 16:43
Modified
2025-10-01 20:17
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. The subsystem allows multiple user space listeners to the region, while data of the payload was likely released before the listeners execute read(2) to access to it for copying to user space. The issue was fixed by a commit 281e20323ab7 ("firewire: core: fix use-after-free regression in FCP handler"). The object of payload is duplicated in kernel space for each listener. When the listener executes ioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to be released. However, it causes memory leak since the commit relies on call of release_request() in drivers/firewire/core-cdev.c. Against the expectation, the function is never called due to the design of release_client_resource(). The function delegates release task to caller when called with non-NULL fourth argument. The implementation of ioctl_send_response() is the case. It should release the object explicitly. This commit fixes the bug.
References
Impacted products
Vendor Product Version
Linux Linux Version: 281e20323ab72180137824a298ee9e21e6f9acf6
Version: 281e20323ab72180137824a298ee9e21e6f9acf6
Version: 281e20323ab72180137824a298ee9e21e6f9acf6
Version: 281e20323ab72180137824a298ee9e21e6f9acf6
Version: 281e20323ab72180137824a298ee9e21e6f9acf6
Version: 281e20323ab72180137824a298ee9e21e6f9acf6
Version: 281e20323ab72180137824a298ee9e21e6f9acf6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:08:23.579210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:04.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/core-cdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b2cd3947d116bb9ba7ff097b5fc747a8956764db",
              "status": "affected",
              "version": "281e20323ab72180137824a298ee9e21e6f9acf6",
              "versionType": "git"
            },
            {
              "lessThan": "356ff89acdbe6a66019154bc7eb2d300f5b15103",
              "status": "affected",
              "version": "281e20323ab72180137824a298ee9e21e6f9acf6",
              "versionType": "git"
            },
            {
              "lessThan": "53785fd9b315583cf029e39f72b73d23704a2253",
              "status": "affected",
              "version": "281e20323ab72180137824a298ee9e21e6f9acf6",
              "versionType": "git"
            },
            {
              "lessThan": "d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee",
              "status": "affected",
              "version": "281e20323ab72180137824a298ee9e21e6f9acf6",
              "versionType": "git"
            },
            {
              "lessThan": "5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e",
              "status": "affected",
              "version": "281e20323ab72180137824a298ee9e21e6f9acf6",
              "versionType": "git"
            },
            {
              "lessThan": "c8bdc88216f09cb7387fedbdf613524367328616",
              "status": "affected",
              "version": "281e20323ab72180137824a298ee9e21e6f9acf6",
              "versionType": "git"
            },
            {
              "lessThan": "531390a243ef47448f8bad01c186c2787666bf4d",
              "status": "affected",
              "version": "281e20323ab72180137824a298ee9e21e6f9acf6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/core-cdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.306",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.306",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.273",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.232",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.168",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.93",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.11",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region\n\nThis patch is fix for Linux kernel v2.6.33 or later.\n\nFor request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem\nhave had an issue of use-after-free. The subsystem allows multiple\nuser space listeners to the region, while data of the payload was likely\nreleased before the listeners execute read(2) to access to it for copying\nto user space.\n\nThe issue was fixed by a commit 281e20323ab7 (\"firewire: core: fix\nuse-after-free regression in FCP handler\"). The object of payload is\nduplicated in kernel space for each listener. When the listener executes\nioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to\nbe released.\n\nHowever, it causes memory leak since the commit relies on call of\nrelease_request() in drivers/firewire/core-cdev.c. Against the\nexpectation, the function is never called due to the design of\nrelease_client_resource(). The function delegates release task\nto caller when called with non-NULL fourth argument. The implementation\nof ioctl_send_response() is the case. It should release the object\nexplicitly.\n\nThis commit fixes the bug."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:47:01.624Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db"
        },
        {
          "url": "https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103"
        },
        {
          "url": "https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616"
        },
        {
          "url": "https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d"
        }
      ],
      "title": "firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52989",
    "datePublished": "2025-03-27T16:43:25.684Z",
    "dateReserved": "2025-03-27T16:40:15.741Z",
    "dateUpdated": "2025-10-01T20:17:04.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52989\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-27T17:15:46.293\",\"lastModified\":\"2025-10-01T21:15:42.013\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfirewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region\\n\\nThis patch is fix for Linux kernel v2.6.33 or later.\\n\\nFor request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem\\nhave had an issue of use-after-free. The subsystem allows multiple\\nuser space listeners to the region, while data of the payload was likely\\nreleased before the listeners execute read(2) to access to it for copying\\nto user space.\\n\\nThe issue was fixed by a commit 281e20323ab7 (\\\"firewire: core: fix\\nuse-after-free regression in FCP handler\\\"). The object of payload is\\nduplicated in kernel space for each listener. When the listener executes\\nioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to\\nbe released.\\n\\nHowever, it causes memory leak since the commit relies on call of\\nrelease_request() in drivers/firewire/core-cdev.c. Against the\\nexpectation, the function is never called due to the design of\\nrelease_client_resource(). The function delegates release task\\nto caller when called with non-NULL fourth argument. The implementation\\nof ioctl_send_response() is the case. It should release the object\\nexplicitly.\\n\\nThis commit fixes the bug.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firewire: correcci\u00f3n de fuga de memoria para el payload de la subacci\u00f3n de solicitud a la regi\u00f3n FCP IEC 61883-1. Este parche es una correcci\u00f3n para el kernel de Linux v2.6.33 o posterior. Para la subacci\u00f3n de solicitud a la regi\u00f3n FCP IEC 61883-1, el subsistema FireWire de Linux ha tenido un problema de use-after-free. El subsistema permite que varios oyentes del espacio de usuario accedan a la regi\u00f3n, mientras que los datos de el payload probablemente se liberaron antes de que los oyentes ejecutaran read(2) para acceder a ellos para copiarlos al espacio de usuario. El problema se solucion\u00f3 mediante un commit 281e20323ab7 (\\\"firewire: core: correcci\u00f3n de la regresi\u00f3n de use-after-free en el controlador FCP\\\"). El objeto de el payload se duplica en el espacio del kernel para cada oyente. Cuando el oyente ejecuta ioctl(2) con la solicitud FW_CDEV_IOC_SEND_RESPONSE, el objeto se liberar\u00e1. Sin embargo, esto causa una fuga de memoria, ya que el commit depende de la llamada a release_request() en drivers/firewire/core-cdev.c. Contrariamente a lo esperado, la funci\u00f3n nunca se llama debido al dise\u00f1o de release_client_resource(). La funci\u00f3n delega la tarea de liberaci\u00f3n al llamador cuando se llama con un cuarto argumento distinto de NULL. La implementaci\u00f3n de ioctl_send_response() es la correcta. Deber\u00eda liberar el objeto expl\u00edcitamente. Esta confirmaci\u00f3n corrige el error.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.33\",\"versionEndExcluding\":\"4.14.306\",\"matchCriteriaId\":\"DB481E70-4E92-4A19-88FC-7A6923121461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.273\",\"matchCriteriaId\":\"FC86F278-A337-4A8A-A7BB-758898345802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.232\",\"matchCriteriaId\":\"9C6E0696-3702-4B0C-A102-2753BDC8C3D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.168\",\"matchCriteriaId\":\"12258A3F-04BD-49C9-9C6B-D3C1945E8910\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.93\",\"matchCriteriaId\":\"98FAC10E-42A0-4372-B1A0-A49CF672890E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.11\",\"matchCriteriaId\":\"535D03F4-DA02-49FE-934E-668827E6407B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF501633-2F44-4913-A8EE-B021929F49F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BDA597B-CAC1-4DF0-86F0-42E142C654E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"725C78C9-12CE-406F-ABE8-0813A01D66E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A127C155-689C-4F67-B146-44A57F4BFD85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D34127CC-68F5-4703-A5F6-5006F803E4AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB8D555-648E-4F2F-98BD-3E7F45BD12A8\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52989\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T20:08:23.579210Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T14:36:25.556Z\"}}], \"cna\": {\"title\": \"firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"281e20323ab72180137824a298ee9e21e6f9acf6\", \"lessThan\": \"b2cd3947d116bb9ba7ff097b5fc747a8956764db\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"281e20323ab72180137824a298ee9e21e6f9acf6\", \"lessThan\": \"356ff89acdbe6a66019154bc7eb2d300f5b15103\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"281e20323ab72180137824a298ee9e21e6f9acf6\", \"lessThan\": \"53785fd9b315583cf029e39f72b73d23704a2253\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"281e20323ab72180137824a298ee9e21e6f9acf6\", \"lessThan\": \"d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"281e20323ab72180137824a298ee9e21e6f9acf6\", \"lessThan\": \"5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"281e20323ab72180137824a298ee9e21e6f9acf6\", \"lessThan\": \"c8bdc88216f09cb7387fedbdf613524367328616\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"281e20323ab72180137824a298ee9e21e6f9acf6\", \"lessThan\": \"531390a243ef47448f8bad01c186c2787666bf4d\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/firewire/core-cdev.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.33\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.33\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.14.306\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.273\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.232\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.168\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.93\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.11\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.2\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/firewire/core-cdev.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db\"}, {\"url\": \"https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103\"}, {\"url\": \"https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253\"}, {\"url\": \"https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee\"}, {\"url\": \"https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e\"}, {\"url\": \"https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616\"}, {\"url\": \"https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfirewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region\\n\\nThis patch is fix for Linux kernel v2.6.33 or later.\\n\\nFor request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem\\nhave had an issue of use-after-free. The subsystem allows multiple\\nuser space listeners to the region, while data of the payload was likely\\nreleased before the listeners execute read(2) to access to it for copying\\nto user space.\\n\\nThe issue was fixed by a commit 281e20323ab7 (\\\"firewire: core: fix\\nuse-after-free regression in FCP handler\\\"). The object of payload is\\nduplicated in kernel space for each listener. When the listener executes\\nioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to\\nbe released.\\n\\nHowever, it causes memory leak since the commit relies on call of\\nrelease_request() in drivers/firewire/core-cdev.c. Against the\\nexpectation, the function is never called due to the design of\\nrelease_client_resource(). The function delegates release task\\nto caller when called with non-NULL fourth argument. The implementation\\nof ioctl_send_response() is the case. It should release the object\\nexplicitly.\\n\\nThis commit fixes the bug.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.306\", \"versionStartIncluding\": \"2.6.33\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.273\", \"versionStartIncluding\": \"2.6.33\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.232\", \"versionStartIncluding\": \"2.6.33\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.168\", \"versionStartIncluding\": \"2.6.33\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.93\", \"versionStartIncluding\": \"2.6.33\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.11\", \"versionStartIncluding\": \"2.6.33\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.2\", \"versionStartIncluding\": \"2.6.33\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:47:01.624Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-52989\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-01T20:17:04.888Z\", \"dateReserved\": \"2025-03-27T16:40:15.741Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-03-27T16:43:25.684Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.