CVE-2023-52880Resource Injection in Linux

CWE-99Resource Injection57 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV7.0
EPSS
0.0%
top 97.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 24
Latest updateMar 26

Description

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.205.4.274+5
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+9
CVEListV5linux/linuxe1eaea46bb4020b38a141b84f88565d4603f8dd07d303dee473ba3529d75b63491e9963342107bed+6
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

27
OSV
Kernel Live Patch Security Notice2025-03-26
OSV
linux-lts-xenial vulnerabilities2025-03-13
OSV
linux-azure, linux-azure-4.15 vulnerabilities2025-03-13
OSV
linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle vulnerabilities2025-03-11
OSV
linux-kvm vulnerabilities2025-03-11

📋Vendor Advisories

28
Ubuntu
Kernel Live Patch Security Notice2025-03-26
Ubuntu
Linux kernel vulnerabilities2025-03-13
Ubuntu
Linux kernel vulnerabilities2025-03-13
Ubuntu
Linux kernel vulnerabilities2025-03-11
Ubuntu
Linux kernel vulnerabilities2025-03-11

💬Community

1
Bugzilla
CVE-2023-52880 kernel: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc2024-05-27