CVE-2023-52556

Published: Mar 1, 2024Modified: Oct 10, 2025

6.2

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.5 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.

Affected (10)

Products: Openbsd: Openbsd

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Openbsd Openbsd	Before 7.4
Openbsd Openbsd	Version 7.4
Openbsd Openbsd	Version 7.4 errata_001
Openbsd Openbsd	Version 7.4 errata_002
Openbsd Openbsd	Version 7.4 errata_003
Openbsd Openbsd	Version 7.4 errata_004
Openbsd Openbsd	Version 7.4 errata_005
Openbsd Openbsd	Version 7.4 errata_006
Openbsd Openbsd	Version 7.4 errata_007
Openbsd Openbsd	Version 7.4 errata_008

Related CWEs

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (4)

https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/009_pf.patch.sig

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Patch

https://github.com/openbsd/src/commit/9d9f4dc6c833cb79d13f836581e3a781d06842e7

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Patch

https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/009_pf.patch.sig

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/openbsd/src/commit/9d9f4dc6c833cb79d13f836581e3a781d06842e7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.