cvelistv5 - CVE-2023-26605

CVE-2023-26605 (GCVE-0-2023-26605)

Vulnerability from cvelistv5

Published

2023-02-26 00:00

Modified

2025-05-05 16:04

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

References

URL

Tags

cve@mitre.org	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4
cve@mitre.org	https://lkml.org/lkml/2023/2/22/3	Exploit
cve@mitre.org	https://security.netapp.com/advisory/ntap-20230316-0010/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4
af854a3a-2127-422b-91ae-364da2661108	https://lkml.org/lkml/2023/2/22/3	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230316-0010/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:53:54.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2023/2/22/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-26605",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:29:26.813449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:04:13.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:41:03.108Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lkml.org/lkml/2023/2/22/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-26605",
    "datePublished": "2023-02-26T00:00:00.000Z",
    "dateReserved": "2023-02-26T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:04:13.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-26605\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-02-26T23:15:10.827\",\"lastModified\":\"2025-05-05T16:15:31.580\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.75\",\"versionEndExcluding\":\"5.15.81\",\"matchCriteriaId\":\"C15A1592-2D11-489C-A208-5474834B2E80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.19.17\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"25175142-441A-4526-B1D9-18913C052F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.3\",\"versionEndExcluding\":\"6.0.11\",\"matchCriteriaId\":\"73FC69CE-E4BD-4315-AC3C-42B1AD292E2A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lkml.org/lkml/2023/2/22/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230316-0010/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lkml.org/lkml/2023/2/22/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230316-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2023-0481

Vulnerability from csaf_certbund

Published

2023-02-26 23:00

Modified

2024-06-11 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0481 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0481.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0481 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0481"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-26cr-ccpq-mr63"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-5gr9-2c49-vhjx"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-95xh-qwg7-2r9x"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-hh6r-xc8x-f53f"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5950-1 vom 2023-03-14",
        "url": "https://ubuntu.com/security/notices/USN-5950-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5962-1 vom 2023-03-16",
        "url": "https://ubuntu.com/security/notices/USN-5962-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5975-1 vom 2023-03-28",
        "url": "https://ubuntu.com/security/notices/USN-5975-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5982-1 vom 2023-03-28",
        "url": "https://ubuntu.com/security/notices/USN-5982-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5987-1 vom 2023-03-29",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2023032946"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6000-1 vom 2023-04-06",
        "url": "https://ubuntu.com/security/notices/USN-6000-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6001-1 vom 2023-04-06",
        "url": "https://ubuntu.com/security/notices/USN-6001-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6004-1 vom 2023-04-11",
        "url": "https://ubuntu.com/security/notices/USN-6004-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6007-1 vom 2023-04-12",
        "url": "https://ubuntu.com/security/notices/USN-6007-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6013-1 vom 2023-04-12",
        "url": "https://ubuntu.com/security/notices/USN-6014-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice LSN-0094-1 vom 2023-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6024-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6032-1 vom 2023-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6032-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6031-1 vom 2023-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6031-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6024-1 vom 2023-04-25",
        "url": "https://ubuntu.com/security/notices/USN-6040-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6043-1 vom 2023-04-26",
        "url": "https://ubuntu.com/security/notices/USN-6043-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6079-1 vom 2023-05-16",
        "url": "https://ubuntu.com/security/notices/USN-6079-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6091-1 vom 2023-05-18",
        "url": "https://ubuntu.com/security/notices/USN-6091-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6096-1 vom 2023-05-23",
        "url": "https://ubuntu.com/security/notices/USN-6096-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6122-1 vom 2023-05-30",
        "url": "https://ubuntu.com/security/notices/USN-6123-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6174-1 vom 2023-06-16",
        "url": "https://ubuntu.com/security/notices/USN-6174-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6235-1 vom 2023-07-18",
        "url": "https://ubuntu.com/security/notices/USN-6235-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-037 vom 2024-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-037.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-071 vom 2024-06-12",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-071.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:44:49.965+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0481",
      "initial_release_date": "2023-02-26T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-26T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-03-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-27T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-29T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-05T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-12T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-19T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-24T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-26T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-16T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-22T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-30T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-06-18T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-07-18T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-02-05T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "21"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.0.8",
                "product": {
                  "name": "Open Source Linux Kernel 6.0.8",
                  "product_id": "1322464",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.0.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26544",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26544"
    },
    {
      "cve": "CVE-2023-26605",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26605"
    },
    {
      "cve": "CVE-2023-26606",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26606"
    },
    {
      "cve": "CVE-2023-26607",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26607"
    }
  ]
}

wid-sec-w-2023-0481

Vulnerability from csaf_certbund

Published

2023-02-26 23:00

Modified

2024-06-11 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0481 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0481.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0481 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0481"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-26cr-ccpq-mr63"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-5gr9-2c49-vhjx"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-95xh-qwg7-2r9x"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-26",
        "url": "https://github.com/advisories/GHSA-hh6r-xc8x-f53f"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5950-1 vom 2023-03-14",
        "url": "https://ubuntu.com/security/notices/USN-5950-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5962-1 vom 2023-03-16",
        "url": "https://ubuntu.com/security/notices/USN-5962-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5975-1 vom 2023-03-28",
        "url": "https://ubuntu.com/security/notices/USN-5975-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5982-1 vom 2023-03-28",
        "url": "https://ubuntu.com/security/notices/USN-5982-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5987-1 vom 2023-03-29",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2023032946"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6000-1 vom 2023-04-06",
        "url": "https://ubuntu.com/security/notices/USN-6000-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6001-1 vom 2023-04-06",
        "url": "https://ubuntu.com/security/notices/USN-6001-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6004-1 vom 2023-04-11",
        "url": "https://ubuntu.com/security/notices/USN-6004-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6007-1 vom 2023-04-12",
        "url": "https://ubuntu.com/security/notices/USN-6007-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6013-1 vom 2023-04-12",
        "url": "https://ubuntu.com/security/notices/USN-6014-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice LSN-0094-1 vom 2023-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6024-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6032-1 vom 2023-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6032-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6031-1 vom 2023-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6031-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6024-1 vom 2023-04-25",
        "url": "https://ubuntu.com/security/notices/USN-6040-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6043-1 vom 2023-04-26",
        "url": "https://ubuntu.com/security/notices/USN-6043-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6079-1 vom 2023-05-16",
        "url": "https://ubuntu.com/security/notices/USN-6079-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6091-1 vom 2023-05-18",
        "url": "https://ubuntu.com/security/notices/USN-6091-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6096-1 vom 2023-05-23",
        "url": "https://ubuntu.com/security/notices/USN-6096-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6122-1 vom 2023-05-30",
        "url": "https://ubuntu.com/security/notices/USN-6123-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6174-1 vom 2023-06-16",
        "url": "https://ubuntu.com/security/notices/USN-6174-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6235-1 vom 2023-07-18",
        "url": "https://ubuntu.com/security/notices/USN-6235-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-037 vom 2024-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-037.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-071 vom 2024-06-12",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-071.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:44:49.965+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0481",
      "initial_release_date": "2023-02-26T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-26T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-03-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-27T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-29T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-05T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-12T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-19T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-24T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-04-26T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-16T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-22T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-05-30T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-06-18T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-07-18T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-02-05T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "21"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.0.8",
                "product": {
                  "name": "Open Source Linux Kernel 6.0.8",
                  "product_id": "1322464",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.0.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26544",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26544"
    },
    {
      "cve": "CVE-2023-26605",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26605"
    },
    {
      "cve": "CVE-2023-26606",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26606"
    },
    {
      "cve": "CVE-2023-26607",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel existieren mehrere Schwachstellen, die bisher noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Die Fehler bestehen aufgrund mehrerer Use-after-free-Fehler in ntfs_trim_fs in fs/ntfs3/bitmap.c, inode_cgwb_move_to_attached in fs/fs-writeback.c und run_unpack in fs/ntfs3/run.c, sowie einem Out-of-bounds-Read in ntfs_attr_find in fs/ntfs/attrib.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1322464",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2023-02-26T23:00:00.000+00:00",
      "title": "CVE-2023-26607"
    }
  ]
}

gsd-2023-26605

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

Aliases

CVE-2023-26605

Aliases

CVE-2023-26605

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-26605",
    "id": "GSD-2023-26605",
    "references": [
      "https://www.suse.com/security/cve/CVE-2023-26605.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-26605"
      ],
      "details": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.",
      "id": "GSD-2023-26605",
      "modified": "2023-12-13T01:20:53.591643Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-26605",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lkml.org/lkml/2023/2/22/3",
            "refsource": "MISC",
            "url": "https://lkml.org/lkml/2023/2/22/3"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230316-0010/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
          },
          {
            "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4",
            "refsource": "MISC",
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C15A1592-2D11-489C-A208-5474834B2E80",
                    "versionEndExcluding": "5.15.81",
                    "versionStartIncluding": "5.15.75",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "25175142-441A-4526-B1D9-18913C052F3E",
                    "versionEndExcluding": "6.0.0",
                    "versionStartIncluding": "5.19.17",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "73FC69CE-E4BD-4315-AC3C-42B1AD292E2A",
                    "versionEndExcluding": "6.0.11",
                    "versionStartIncluding": "6.0.3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
          }
        ],
        "id": "CVE-2023-26605",
        "lastModified": "2024-03-25T01:15:53.723",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-02-26T23:15:10.827",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "https://lkml.org/lkml/2023/2/22/3"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ghsa-95xh-qwg7-2r9x

Vulnerability from github

Published

2023-02-27 00:30

Modified

2024-03-25 03:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-26605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-26T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.",
  "id": "GHSA-95xh-qwg7-2r9x",
  "modified": "2024-03-25T03:31:43Z",
  "published": "2023-02-27T00:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26605"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
    },
    {
      "type": "WEB",
      "url": "https://lkml.org/lkml/2023/2/22/3"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2023-AVI-0333

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code arbitraire à distance, une atteinte à l'intégrité des données, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 22.10
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-6030-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6024-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6031-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6025-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6020-1 du 14 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6029-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu LSN-0094-1 du 18 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6033-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6027-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6032-1 du 19 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 22.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 16.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 22.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2023-28328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
    },
    {
      "name": "CVE-2023-1076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1076"
    },
    {
      "name": "CVE-2023-1281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2022-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
    },
    {
      "name": "CVE-2023-26606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26606"
    },
    {
      "name": "CVE-2023-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
    },
    {
      "name": "CVE-2023-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
    },
    {
      "name": "CVE-2023-28866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28866"
    },
    {
      "name": "CVE-2023-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
    },
    {
      "name": "CVE-2022-4842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4842"
    },
    {
      "name": "CVE-2022-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
    },
    {
      "name": "CVE-2023-1074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
    },
    {
      "name": "CVE-2022-36280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
    },
    {
      "name": "CVE-2022-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2022-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
    },
    {
      "name": "CVE-2022-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
    },
    {
      "name": "CVE-2022-41849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
    },
    {
      "name": "CVE-2023-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1032"
    },
    {
      "name": "CVE-2023-1670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1670"
    },
    {
      "name": "CVE-2023-26607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
    },
    {
      "name": "CVE-2023-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
    },
    {
      "name": "CVE-2023-23559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
    },
    {
      "name": "CVE-2023-26605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26605"
    },
    {
      "name": "CVE-2023-22997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22997"
    },
    {
      "name": "CVE-2023-1990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
    },
    {
      "name": "CVE-2022-21505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21505"
    },
    {
      "name": "CVE-2023-1998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
    },
    {
      "name": "CVE-2023-26545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
    },
    {
      "name": "CVE-2021-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
    },
    {
      "name": "CVE-2023-25012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
    },
    {
      "name": "CVE-2023-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1095"
    },
    {
      "name": "CVE-2023-1118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2023-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
    },
    {
      "name": "CVE-2022-3424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
    },
    {
      "name": "CVE-2022-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3108"
    },
    {
      "name": "CVE-2023-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
    },
    {
      "name": "CVE-2023-30456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
    },
    {
      "name": "CVE-2023-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
    },
    {
      "name": "CVE-2023-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
    },
    {
      "name": "CVE-2023-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
    },
    {
      "name": "CVE-2023-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1652"
    },
    {
      "name": "CVE-2023-0468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0468"
    },
    {
      "name": "CVE-2023-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1583"
    }
  ],
  "initial_release_date": "2023-04-21T00:00:00",
  "last_revision_date": "2023-04-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0333",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6030-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6030-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6024-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6024-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6031-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6031-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6025-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6025-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6020-1 du 14 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6020-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6029-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6029-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0094-1 du 18 avril 2023",
      "url": "https://ubuntu.com/security/notices/LSN-0094-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6033-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6033-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6027-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6027-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6032-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6032-1"
    }
  ]
}

CERTFR-2023-AVI-0244

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 22.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-5962-1 du 16 mars 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-5951-1 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-5950-1 du 14 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 22.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 22.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-47521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47521"
    },
    {
      "name": "CVE-2022-47520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
    },
    {
      "name": "CVE-2023-0461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2022-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
    },
    {
      "name": "CVE-2022-42329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2022-47518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
    },
    {
      "name": "CVE-2023-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
    },
    {
      "name": "CVE-2022-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
    },
    {
      "name": "CVE-2022-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
    },
    {
      "name": "CVE-2022-45869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
    },
    {
      "name": "CVE-2022-36280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2022-3344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3344"
    },
    {
      "name": "CVE-2023-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
    },
    {
      "name": "CVE-2022-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
    },
    {
      "name": "CVE-2023-26605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26605"
    },
    {
      "name": "CVE-2022-42328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2023-20938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20938"
    },
    {
      "name": "CVE-2022-3424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
    },
    {
      "name": "CVE-2022-47519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47519"
    },
    {
      "name": "CVE-2023-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
    },
    {
      "name": "CVE-2022-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2022-3521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
    },
    {
      "name": "CVE-2023-0468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0468"
    }
  ],
  "initial_release_date": "2023-03-17T00:00:00",
  "last_revision_date": "2023-03-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0244",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5962-1 du 16 mars 2023",
      "url": "https://ubuntu.com/security/notices/USN-5962-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5951-1 du 14 mars 2023",
      "url": "https://ubuntu.com/security/notices/USN-5951-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5950-1 du 14 mars 2023",
      "url": "https://ubuntu.com/security/notices/USN-5950-1"
    }
  ]
}

CERTFR-2023-AVI-0399

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits NetApp HCI. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un déni de service.

Solution

Important : l'éditeur ne prévoit pas de publier de correctifs de sécurité (cf. section Documentation). Le CERT-FR recommande de remplacer les produits obsolètes Netapp HCI par des solutions maintenues à jour.

Contournement provisoire

Le CERT-FR recommande de cloisonner l'accès au composant BMC.

NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S
NetApp HCI Baseboard Management Controller (BMC) - H410C

Ces produits ne sont plus maintenus par l'éditeur.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité NetApp NTAP-20230511-0003 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230331-0004 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230413-0010 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230309-0004 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230316-0010 du 17 mai 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eNetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S\u003c/li\u003e \u003cli\u003eNetApp HCI Baseboard Management Controller (BMC) - H410C\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eCes produits ne sont plus maintenus par l\u0027\u00e9diteur.\u003c/p\u003e ",
  "content": "## Solution\n\nImportant : l\u0027\u00e9diteur ne pr\u00e9voit pas de publier de correctifs de\ns\u00e9curit\u00e9 (cf. section Documentation). Le CERT-FR recommande de remplacer\nles produits obsol\u00e8tes Netapp HCI par des solutions maintenues \u00e0 jour.\n\n\u00a0\n\n## Contournement provisoire\n\nLe CERT-FR recommande de cloisonner l\u0027acc\u00e8s au composant BMC.\n",
  "cves": [
    {
      "name": "CVE-2023-26606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26606"
    },
    {
      "name": "CVE-2023-23000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23000"
    },
    {
      "name": "CVE-2023-0030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0030"
    },
    {
      "name": "CVE-2023-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
    },
    {
      "name": "CVE-2023-26607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
    },
    {
      "name": "CVE-2023-26605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26605"
    },
    {
      "name": "CVE-2023-22995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22995"
    },
    {
      "name": "CVE-2023-26544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26544"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    }
  ],
  "initial_release_date": "2023-05-19T00:00:00",
  "last_revision_date": "2023-05-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eNetApp HCI\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp HCI",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230511-0003 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230511-0003/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230331-0004 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230331-0004/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230413-0010 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230413-0010/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230309-0004 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230309-0004/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230316-0010 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
    }
  ]
}

fkie_cve-2023-26605

Vulnerability from fkie_nvd

Published

2023-02-26 23:15

Modified

2025-05-05 16:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

References

URL	Tags
cve@mitre.org	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4
cve@mitre.org	https://lkml.org/lkml/2023/2/22/3	Exploit
cve@mitre.org	https://security.netapp.com/advisory/ntap-20230316-0010/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4
af854a3a-2127-422b-91ae-364da2661108	https://lkml.org/lkml/2023/2/22/3	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230316-0010/	Third Party Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15A1592-2D11-489C-A208-5474834B2E80",
              "versionEndExcluding": "5.15.81",
              "versionStartIncluding": "5.15.75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25175142-441A-4526-B1D9-18913C052F3E",
              "versionEndExcluding": "6.0.0",
              "versionStartIncluding": "5.19.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FC69CE-E4BD-4315-AC3C-42B1AD292E2A",
              "versionEndExcluding": "6.0.11",
              "versionStartIncluding": "6.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
    }
  ],
  "id": "CVE-2023-26605",
  "lastModified": "2025-05-05T16:15:31.580",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-26T23:15:10.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://lkml.org/lkml/2023/2/22/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://lkml.org/lkml/2023/2/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-26605 (GCVE-0-2023-26605)

Vulnerability from cvelistv5

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from gsd

Vulnerability from github

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Contournement provisoire

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature