{"id":"CVE-2023-52502","summary":"net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear.","modified":"2026-04-02T09:42:54.632523Z","published":"2024-03-02T21:52:17.218Z","related":["SUSE-SU-2024:0856-1","SUSE-SU-2024:0857-1","SUSE-SU-2024:0925-1","SUSE-SU-2024:0926-1","SUSE-SU-2024:0975-1","SUSE-SU-2024:0976-1","SUSE-SU-2024:1320-1","SUSE-SU-2024:1321-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1490-1","SUSE-SU-2024:1677-1","SUSE-SU-2024:1679-1","SUSE-SU-2024:1680-1","SUSE-SU-2024:1682-1","SUSE-SU-2024:1685-1","SUSE-SU-2024:1686-1","SUSE-SU-2024:1692-1","SUSE-SU-2024:1695-1","SUSE-SU-2024:1696-1","SUSE-SU-2024:1705-1","SUSE-SU-2024:1706-1","SUSE-SU-2024:1707-1","SUSE-SU-2024:1709-1","SUSE-SU-2024:1711-1","SUSE-SU-2024:1712-1","SUSE-SU-2024:1713-1","SUSE-SU-2024:1720-1","SUSE-SU-2024:1723-1","SUSE-SU-2024:1726-1","SUSE-SU-2024:1729-1","SUSE-SU-2024:1731-1","SUSE-SU-2024:1732-1","SUSE-SU-2024:1735-1","SUSE-SU-2024:1736-1","SUSE-SU-2024:1739-1","SUSE-SU-2024:1740-1","SUSE-SU-2024:1742-1","SUSE-SU-2024:1746-1","SUSE-SU-2024:1748-1","SUSE-SU-2024:1749-1","SUSE-SU-2024:1751-1","SUSE-SU-2024:1753-1","SUSE-SU-2024:1757-1","SUSE-SU-2024:1759-1","SUSE-SU-2024:2092-1","SUSE-SU-2024:2100-1","SUSE-SU-2024:2162-1","SUSE-SU-2024:2163-1","SUSE-SU-2024:2207-1","SUSE-SU-2024:2208-1","SUSE-SU-2024:2337-1","SUSE-SU-2024:2382-1","SUSE-SU-2024:2446-1","SUSE-SU-2024:2447-1","SUSE-SU-2024:2472-1","SUSE-SU-2024:2722-1","SUSE-SU-2024:2751-1","SUSE-SU-2024:2824-1","SUSE-SU-2024:2840-1","SUSE-SU-2024:2850-1","SUSE-SU-2024:2851-1","SUSE-SU-2024:3318-1","SUSE-SU-2024:3347-1","SUSE-SU-2024:3368-1","SUSE-SU-2024:3379-1","SUSE-SU-2024:3399-1","SUSE-SU-2024:3623-1","SUSE-SU-2024:3631-1","SUSE-SU-2024:3694-1","SUSE-SU-2024:3695-1","SUSE-SU-2024:3697-1","SUSE-SU-2024:3793-1","SUSE-SU-2024:3815-1","SUSE-SU-2024:3829-1","SUSE-SU-2024:3837-1","SUSE-SU-2024:3842-1","SUSE-SU-2024:3852-1","SUSE-SU-2024:4122-1","SUSE-SU-2024:4123-1","SUSE-SU-2024:4214-1","SUSE-SU-2024:4218-1","SUSE-SU-2024:4234-1","SUSE-SU-2024:4266-1","SUSE-SU-2025:0107-1","SUSE-SU-2025:0109-1","SUSE-SU-2025:0115-1","SUSE-SU-2025:0158-1","SUSE-SU-2025:0251-1","SUSE-SU-2025:0252-1","SUSE-SU-2025:0261-1","SUSE-SU-2025:0266-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52502.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52502.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52502"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8f50020ed9b81ba909ce9573f9d05263cdebf502"},{"fixed":"e863f5720a5680e50c4cecf12424d7cc31b3eb0a"},{"fixed":"7adcf014bda16cdbf804af5c164d94d5d025db2d"},{"fixed":"6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"},{"fixed":"d888d3f70b0de32b4f51534175f039ddab15eef8"},{"fixed":"e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"},{"fixed":"d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"},{"fixed":"31c07dffafce914c1d1543c135382a11ff058d93"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52502.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}