{"id":"CVE-2023-52846","summary":"hsr: Prevent use after free in prp_create_tagged_frame()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Prevent use after free in prp_create_tagged_frame()\n\nThe prp_fill_rct() function can fail.  In that situation, it frees the\nskb and returns NULL.  Meanwhile on the success path, it returns the\noriginal skb.  So it's straight forward to fix bug by using the returned\nvalue.","modified":"2026-05-28T03:54:45.644608150Z","published":"2024-05-21T15:31:43.863Z","related":["SUSE-SU-2024:2372-1","SUSE-SU-2024:2385-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2495-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:3318-1","SUSE-SU-2024:3319-1","SUSE-SU-2024:3320-1","SUSE-SU-2024:3334-1","SUSE-SU-2024:3336-1","SUSE-SU-2024:3347-1","SUSE-SU-2024:3348-1","SUSE-SU-2024:3349-1","SUSE-SU-2024:3350-1","SUSE-SU-2024:3361-1","SUSE-SU-2024:3363-1","SUSE-SU-2024:3365-1","SUSE-SU-2024:3368-1","SUSE-SU-2024:3370-1","SUSE-SU-2024:3375-1","SUSE-SU-2024:3379-1","SUSE-SU-2024:3395-1","SUSE-SU-2024:3399-1","SUSE-SU-2024:3405-1","SUSE-SU-2024:3425-1","SUSE-SU-2024:3468-1","SUSE-SU-2024:3623-1","SUSE-SU-2024:3625-1","SUSE-SU-2024:3631-1","SUSE-SU-2024:3632-1","SUSE-SU-2024:3636-1","SUSE-SU-2024:3639-1","SUSE-SU-2024:3666-1","SUSE-SU-2024:3672-1","SUSE-SU-2024:3679-1","SUSE-SU-2024:3694-1","SUSE-SU-2024:3695-1","SUSE-SU-2024:3696-1","SUSE-SU-2024:3697-1","SUSE-SU-2024:3700-1","SUSE-SU-2024:3701-1","SUSE-SU-2024:3702-1","SUSE-SU-2024:3710-1","SUSE-SU-2024:3780-1","SUSE-SU-2024:3793-1","SUSE-SU-2024:3806-1","SUSE-SU-2024:3815-1","SUSE-SU-2024:3829-1","SUSE-SU-2024:3830-1","SUSE-SU-2024:3831-1","SUSE-SU-2024:3833-1","SUSE-SU-2024:3837-1","SUSE-SU-2024:3840-1","SUSE-SU-2024:3842-1","SUSE-SU-2024:3851-1","SUSE-SU-2024:3852-1","SUSE-SU-2024:3855-1","SUSE-SU-2024:3857-1","SUSE-SU-2024:3860-1","SUSE-SU-2024:3880-1","SUSE-SU-2024:4122-1","SUSE-SU-2024:4123-1","SUSE-SU-2024:4124-1","SUSE-SU-2024:4125-1","SUSE-SU-2024:4127-1","SUSE-SU-2024:4207-1","SUSE-SU-2024:4214-1","SUSE-SU-2024:4216-1","SUSE-SU-2024:4218-1","SUSE-SU-2024:4228-1","SUSE-SU-2024:4234-1","SUSE-SU-2024:4235-1","SUSE-SU-2024:4236-1","SUSE-SU-2024:4243-1","SUSE-SU-2024:4266-1","SUSE-SU-2024:4275-1","SUSE-SU-2025:0107-1","SUSE-SU-2025:0109-1","SUSE-SU-2025:0110-1","SUSE-SU-2025:0114-1","SUSE-SU-2025:0115-1","SUSE-SU-2025:0124-1","SUSE-SU-2025:0138-1","SUSE-SU-2025:0146-1","SUSE-SU-2025:0150-1","SUSE-SU-2025:0158-1","SUSE-SU-2025:0164-1","SUSE-SU-2025:0248-1","SUSE-SU-2025:0249-1","SUSE-SU-2025:0251-1","SUSE-SU-2025:0252-1","SUSE-SU-2025:0253-1","SUSE-SU-2025:0254-1","SUSE-SU-2025:0260-1","SUSE-SU-2025:0261-1","SUSE-SU-2025:0264-1","SUSE-SU-2025:0266-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52846.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db"},{"type":"WEB","url":"https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52846.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52846"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"451d8123f89791bb628277c0bdb4cae34a3563e6"},{"fixed":"ddf4e04e946aaa6c458b8b6829617cc44af2bffd"},{"fixed":"a1a485e45d24b1cd8fe834fd6f1b06e2903827da"},{"fixed":"6086258bd5ea7b5c706ff62da42b8e271b2401db"},{"fixed":"1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"},{"fixed":"d103fb6726904e353b4773188ee3d3acb4078363"},{"fixed":"876f8ab52363f649bcc74072157dfd7adfbabc0d"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52846.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.9.0"},{"fixed":"5.10.201"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.139"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.63"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.5.12"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.6.0"},{"fixed":"6.6.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52846.json"}}],"schema_version":"1.7.5"}