{"vulnerability": "CVE-2023-52906", "sightings": [{"uuid": "58162414-7eb9-47f1-87e0-dcc34f9900e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52906", "type": "seen", "source": "https://t.me/cvedetector/3755", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-52906 - Linux kernel NetMPLSIncorrectAttributeType\", \n  \"Content\": \"CVE ID : CVE-2023-52906 \nPublished : Aug. 21, 2024, 7:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet/sched: act_mpls: Fix warning during failed attribute validation  \n  \nThe 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a  \nvalidation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid  \ncombination according to the comment above 'struct nla_policy':  \n  \n\"  \nMeaning of `validate' field, use via NLA_POLICY_VALIDATE_FN:  \n   NLA_BINARY           Validation function called for the attribute.  \n   All other            Unused - but note that it's a union  \n\"  \n  \nThis can trigger the warning [1] in nla_get_range_unsigned() when  \nvalidation of the attribute fails. Despite being of 'NLA_U32' type, the  \nassociated 'min'/'max' fields in the policy are negative as they are  \naliased by the 'validate' field.  \n  \nFix by changing the attribute type to 'NLA_BINARY' which is consistent  \nwith the above comment and all other users of NLA_POLICY_VALIDATE_FN().  \nAs a result, move the length validation to the validation function.  \n  \nNo regressions in MPLS tests:  \n  \n # ./tdc.py -f tc-tests/actions/mpls.json  \n [...]  \n # echo $?  \n 0  \n  \n[1]  \nWARNING: CPU: 0 PID: 17743 at lib/nlattr.c:118  \nnla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117  \nModules linked in:  \nCPU: 0 PID: 17743 Comm: syz-executor.0 Not tainted 6.1.0-rc8 #3  \nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS  \nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014  \nRIP: 0010:nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117  \n[...]  \nCall Trace:  \n   \n __netlink_policy_dump_write_attr+0x23d/0x990 net/netlink/policy.c:310  \n netlink_policy_dump_write_attr+0x22/0x30 net/netlink/policy.c:411  \n netlink_ack_tlv_fill net/netlink/af_netlink.c:2454 [inline]  \n netlink_ack+0x546/0x760 net/netlink/af_netlink.c:2506  \n netlink_rcv_skb+0x1b7/0x240 net/netlink/af_netlink.c:2546  \n rtnetlink_rcv+0x18/0x20 net/core/rtnetlink.c:6109  \n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]  \n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1345  \n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1921  \n sock_sendmsg_nosec net/socket.c:714 [inline]  \n sock_sendmsg net/socket.c:734 [inline]  \n ____sys_sendmsg+0x38f/0x500 net/socket.c:2482  \n ___sys_sendmsg net/socket.c:2536 [inline]  \n __sys_sendmsg+0x197/0x230 net/socket.c:2565  \n __do_sys_sendmsg net/socket.c:2574 [inline]  \n __se_sys_sendmsg net/socket.c:2572 [inline]  \n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2572  \n do_syscall_x64 arch/x86/entry/common.c:50 [inline]  \n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80  \n entry_SYSCALL_64_after_hwframe+0x63/0xcd \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T09:52:21.000000Z"}]}