csaf_redhat - rhsa-2024

rhsa-2024_0881

Vulnerability from csaf_redhat

Published

2024-02-20 12:31

Modified

2025-01-06 06:28

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623) * kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921) * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817) * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871) * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646) * kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545) * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858) * kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073) * kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838) * kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166) * kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176) * kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717) * kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356) * kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535) * kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536) * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606) * kernel: OOB Access in smb2_dump_detail (CVE-2023-6610) * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) * kernel: SEV-ES local priv escalation (CVE-2023-46813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)\n\n* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)\n\n* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)\n\n* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)\n\n* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)\n\n* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)\n\n* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)\n\n* kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)\n\n* kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)\n\n* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)\n\n* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)\n\n* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child\u0027s sibling_list (CVE-2023-5717)\n\n* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)\n\n* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)\n\n* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)\n\n* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)\n\n* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)\n\n* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)\n\n* kernel: SEV-ES local priv escalation (CVE-2023-46813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0881",
        "url": "https://access.redhat.com/errata/RHSA-2024:0881"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2087568",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087568"
      },
      {
        "category": "external",
        "summary": "2144379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144379"
      },
      {
        "category": "external",
        "summary": "2161310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161310"
      },
      {
        "category": "external",
        "summary": "2173403",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403"
      },
      {
        "category": "external",
        "summary": "2187813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187813"
      },
      {
        "category": "external",
        "summary": "2187931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187931"
      },
      {
        "category": "external",
        "summary": "2231800",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231800"
      },
      {
        "category": "external",
        "summary": "2237757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237757"
      },
      {
        "category": "external",
        "summary": "2244723",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244723"
      },
      {
        "category": "external",
        "summary": "2245514",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245514"
      },
      {
        "category": "external",
        "summary": "2246944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246944"
      },
      {
        "category": "external",
        "summary": "2246945",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246945"
      },
      {
        "category": "external",
        "summary": "2253611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
      },
      {
        "category": "external",
        "summary": "2253614",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
      },
      {
        "category": "external",
        "summary": "2253908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
      },
      {
        "category": "external",
        "summary": "2254052",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
      },
      {
        "category": "external",
        "summary": "2254053",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
      },
      {
        "category": "external",
        "summary": "2254054",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
      },
      {
        "category": "external",
        "summary": "2255139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255139"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0881.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2025-01-06T06:28:28+00:00",
      "generator": {
        "date": "2025-01-06T06:28:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.5"
        }
      },
      "id": "RHSA-2024:0881",
      "initial_release_date": "2024-02-20T12:31:47+00:00",
      "revision_history": [
        {
          "date": "2024-02-20T12:31:47+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-20T12:31:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-01-06T06:28:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)",
                  "product_id": "NFV-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux for Real Time (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux for Real Time (v. 8)",
                  "product_id": "RT-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
                "product": {
                  "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
                  "product_id": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-513.18.1.rt7.320.el8_9?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-513.18.1.rt7.320.el8_9?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src"
        },
        "product_reference": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
          "product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src"
        },
        "product_reference": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
          "product_id": "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
        "relates_to_product_reference": "RT-8.9.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-3545",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-01-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2161310"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in area_cache_get in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c in the Netronome Flow Processor (NFP) driver in the Linux kernel. This flaw allows a manipulation that may lead to a use-after-free issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: nfp: use-after-free in area_cache_get()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3545"
        },
        {
          "category": "external",
          "summary": "RHBZ#2161310",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161310"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3545",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3545"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a"
        }
      ],
      "release_date": "2022-08-11T06:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by preventing the affected Netronome Flow Processor (NFP) kernel module from loading during the boot time; ensure the module is added to the blacklist file.\n~~~\nRefer:  \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: nfp: use-after-free in area_cache_get()"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Duoming Zhou"
          ]
        }
      ],
      "cve": "CVE-2022-41858",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2022-11-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2144379"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41858"
        },
        {
          "category": "external",
          "summary": "RHBZ#2144379",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144379"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858"
        },
        {
          "category": "external",
          "summary": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798",
          "url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798"
        }
      ],
      "release_date": "2022-04-05T15:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by preventing the affected slip driver from loading during the boot time, and ensuring the module is added to the blacklist file.\n~~~\nRefer:  \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip"
    },
    {
      "cve": "CVE-2023-1073",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2023-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2173403"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: HID: check empty report_list in hid_validate_values()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-1073"
        },
        {
          "category": "external",
          "summary": "RHBZ#2173403",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1073",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1073"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2023/01/17/3",
          "url": "https://www.openwall.com/lists/oss-security/2023/01/17/3"
        }
      ],
      "release_date": "2023-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: HID: check empty report_list in hid_validate_values()"
    },
    {
      "cve": "CVE-2023-1838",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2022-05-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2087568"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-1838"
        },
        {
          "category": "external",
          "summary": "RHBZ#2087568",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087568"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1838",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1838"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang@redhat.com/T/",
          "url": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang@redhat.com/T/"
        }
      ],
      "release_date": "2022-05-16T10:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by preventing the affected Host kernel accelerator (vhost-net) kernel module from loading during the boot time, ensure the module is added to the blacklist file.\n~~~\nRefer:  \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Wei Chen"
          ]
        }
      ],
      "cve": "CVE-2023-2166",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2023-04-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2187813"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A NULL pointer dereference issue was found in the can protocol in net/can/af_can.c in the Linux kernel, where ml_priv may not be initialized in the receive path of CAN frames. This flaw allows a local user to crash the system or cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: NULL pointer dereference in can_rcv_filter",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2166"
        },
        {
          "category": "external",
          "summary": "RHBZ#2187813",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187813"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2166",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2166",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2166"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0acc442309a0a1b01bcdaa135e56e6398a49439c",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0acc442309a0a1b01bcdaa135e56e6398a49439c"
        }
      ],
      "release_date": "2022-12-06T06:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: NULL pointer dereference in can_rcv_filter"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Wei Chen"
          ]
        }
      ],
      "cve": "CVE-2023-2176",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2023-04-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2187931"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux kernel. An improper cleanup results in an out-of-boundary read. This flaw allows a local user to crash or escalate privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Slab-out-of-bound read in compare_netdev_and_ip",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2176"
        },
        {
          "category": "external",
          "summary": "RHBZ#2187931",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187931"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2176",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2176"
        },
        {
          "category": "external",
          "summary": "https://www.spinics.net/lists/linux-rdma/msg114749.html",
          "url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
        }
      ],
      "release_date": "2022-12-11T05:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: Slab-out-of-bound read in compare_netdev_and_ip"
    },
    {
      "cve": "CVE-2023-4623",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-09-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2237757"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSC_FSC flag set, has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: net/sched: sch_hfsc UAF",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-4623"
        },
        {
          "category": "external",
          "summary": "RHBZ#2237757",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237757"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4623",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4623",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4623"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
        }
      ],
      "release_date": "2023-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent the module sch_hfsc from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: net/sched: sch_hfsc UAF"
    },
    {
      "cve": "CVE-2023-4921",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2245514"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in qfq_dequeue and agg_dequeue in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free in sch_qfq network scheduler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-4921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2245514",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245514"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4921"
        },
        {
          "category": "external",
          "summary": "https://github.com/torvalds/linux/commit/8fc134fee27f2263988ae38920bc03da416b03d8",
          "url": "https://github.com/torvalds/linux/commit/8fc134fee27f2263988ae38920bc03da416b03d8"
        }
      ],
      "release_date": "2023-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is to skip loading the affected module sch_qfq onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\n How do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278  \n~~~",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: use-after-free in sch_qfq network scheduler"
    },
    {
      "cve": "CVE-2023-5717",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2023-10-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246945"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s Performance Events system component. A condition can be triggered that allows data to be written past the end or before the beginning of the intended memory buffer. This issue may lead to a system crash, code execution, or local privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child\u0027s sibling_list",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-5717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246945",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246945"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5717"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
        }
      ],
      "release_date": "2023-10-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "It is not possible to trigger this issue with the default kernel.perf_event_paranoid sysctl value 2. You may check it with:\ncat /proc/sys/kernel/perf_event_paranoid",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child\u0027s sibling_list"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alon Zahavi"
          ]
        }
      ],
      "cve": "CVE-2023-6356",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2023-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2254054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: NULL pointer dereference in nvmet_tcp_build_iovec",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 6 and 7 are not affected by this issue as it doesn\u0027t ship the related NVMe driver code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6356"
        },
        {
          "category": "external",
          "summary": "RHBZ#2254054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6356",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6356",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6356"
        }
      ],
      "release_date": "2023-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: NULL pointer dereference in nvmet_tcp_build_iovec"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alon Zahavi"
          ]
        }
      ],
      "cve": "CVE-2023-6535",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2023-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2254053"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: NULL pointer dereference in nvmet_tcp_execute_request",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 6 and 7 are not affected by this issue as it doesn\u0027t ship the related NVMe driver code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6535"
        },
        {
          "category": "external",
          "summary": "RHBZ#2254053",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6535",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6535"
        }
      ],
      "release_date": "2023-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: NULL pointer dereference in nvmet_tcp_execute_request"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alon Zahavi"
          ]
        }
      ],
      "cve": "CVE-2023-6536",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2023-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2254052"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: NULL pointer dereference in __nvmet_req_complete",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 6 and 7 are not affected by this issue as it doesn\u0027t ship the related NVMe driver code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6536"
        },
        {
          "category": "external",
          "summary": "RHBZ#2254052",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6536",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6536"
        }
      ],
      "release_date": "2023-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: NULL pointer dereference in __nvmet_req_complete"
    },
    {
      "cve": "CVE-2023-6606",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2023-12-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2253611"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Out-Of-Bounds Read vulnerability in smbCalcSize",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6606"
        },
        {
          "category": "external",
          "summary": "RHBZ#2253611",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6606",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6606",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6606"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.kernel.org/show_bug.cgi?id=218218",
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: Out-Of-Bounds Read vulnerability in smbCalcSize"
    },
    {
      "cve": "CVE-2023-6610",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2023-12-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2253614"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: OOB Access in smb2_dump_detail",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6610"
        },
        {
          "category": "external",
          "summary": "RHBZ#2253614",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6610",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6610",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6610"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.kernel.org/show_bug.cgi?id=218219",
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: OOB Access in smb2_dump_detail"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Xingyuan Mo of IceSword Lab"
          ]
        }
      ],
      "cve": "CVE-2023-6817",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-12-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2255139"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nft_pipapo_walk function. This issue may allow a local user with CAP_NET_ADMIN capability to trigger an application crash, information disclosure, or local privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: inactive elements in nft_pipapo_walk",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Only local users with `CAP_NET_ADMIN` capability or root can trigger this issue. \nOn Red Hat Enterprise Linux, local unprivileged users can exploit unprivileged user namespaces (CONFIG_USER_NS) to grant themselves this capability.\n\nThe OpenShift Container Platform (OCP) control planes or master machines are based on Red Hat Enterprise Linux CoreOS (RHCOS) that consists primarily of RHEL components, therefore, it is also affected by this kernel vulnerability. A successful exploit needs necessary privileges (CAP_NET_ADMIN) and direct, local access. A local user in RHCOS is already a root with full permissions, hence existence of this vulnerability does not bring any value from the potential attacker perspective. From the OpenShift containers perspective, this vulnerability cannot be exploited as in OpenShift the cluster processes on the node are namespaced, which means that switching the namespace in the running OpenShift container will not bring necessary capabilities.\nThis means that for OpenShift, the impact of this vulnerability is Low.\n\nSimilar to the CVE-2023-32233 vulnerability, this has been explained in the following blog post as an example of a \"Container escape vulnerability\":\nhttps://www.redhat.com/en/blog/containers-vulnerability-risk-assessment",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6817"
        },
        {
          "category": "external",
          "summary": "RHBZ#2255139",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255139"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6817",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6817"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a"
        }
      ],
      "release_date": "2023-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "In order to trigger the issue, it requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: inactive elements in nft_pipapo_walk"
    },
    {
      "cve": "CVE-2023-40283",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-08-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2231800"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk\u0027s children being mishandled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40283"
        },
        {
          "category": "external",
          "summary": "RHBZ#2231800",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231800"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40283",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40283"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
        }
      ],
      "release_date": "2023-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c"
    },
    {
      "cve": "CVE-2023-45871",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2023-10-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244723"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in igb_configure_rx_ring in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel\u0027s ring buffer, leading to a system integrity issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: IGB driver inadequate buffer size for frames larger than MTU",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as Important because of its nature of exposure to the threat of impacting Confidentiality, Integrity and Availability by an attacker while being in an adjacent physical layer with no privilege required.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45871"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244723",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244723"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45871"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f"
        }
      ],
      "release_date": "2023-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: IGB driver inadequate buffer size for frames larger than MTU"
    },
    {
      "cve": "CVE-2023-46813",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "discovery_date": "2023-10-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246944"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow and null pointer dereference flaw was found in the Linux kernel\u0027s Secure Encrypted Virtualization (SEV) implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: SEV-ES local priv escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46813"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246944",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246944"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46813"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.suse.com/show_bug.cgi?id=1212649",
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649"
        },
        {
          "category": "external",
          "summary": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9",
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf"
        }
      ],
      "release_date": "2023-10-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: SEV-ES local priv escalation"
    },
    {
      "cve": "CVE-2024-0646",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-01-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2253908"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
          "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
          "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-0646"
        },
        {
          "category": "external",
          "summary": "RHBZ#2253908",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0646",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0646"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
        }
      ],
      "release_date": "2023-12-07T06:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T12:31:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.src",
            "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64",
            "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.18.1.rt7.320.el8_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination"
    }
  ]
}

CVE-2023-6817 (GCVE-0-2023-6817)

Vulnerability from cvelistv5

Published

2023-12-18 14:37

Modified

2025-02-13 17:26

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Summary

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a	patch
	https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
	http://www.openwall.com/lists/oss-security/2023/12/22/6
	http://www.openwall.com/lists/oss-security/2023/12/22/13
	https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
	http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html

Impacted products

	Vendor	Product	Version
	Linux	Kernel	Version: 5.6 < 6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:08.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/22/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/22/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Kernel",
          "repo": "https://git.kernel.org",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.7",
              "status": "affected",
              "version": "5.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Lonial Kong"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Xingyuan Mo"
        }
      ],
      "datePublic": "2023-12-06T16:14:37.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-08T16:05:57.106Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a"
        },
        {
          "url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/12/22/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/12/22/13"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-6817",
    "datePublished": "2023-12-18T14:37:05.986Z",
    "dateReserved": "2023-12-14T11:29:13.252Z",
    "dateUpdated": "2025-02-13T17:26:33.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45871 (GCVE-0-2023-45871)

Vulnerability from cvelistv5

Published

2023-10-15 00:00

Modified

2024-08-02 20:29

Severity ?

CWE

Summary

An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f
	https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3
	https://security.netapp.com/advisory/ntap-20231110-0001/
	https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:29:32.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231110-0001/"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T19:07:05.019133",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0001/"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45871",
    "datePublished": "2023-10-15T00:00:00",
    "dateReserved": "2023-10-15T00:00:00",
    "dateUpdated": "2024-08-02T20:29:32.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2176 (GCVE-0-2023-2176)

Vulnerability from cvelistv5

Published

2023-04-20 00:00

Modified

2025-05-05 16:01

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-125

Summary

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.

References

URL

Tags

	https://www.spinics.net/lists/linux-rdma/msg114749.html
	https://security.netapp.com/advisory/ntap-20230609-0005/

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux 6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:12:20.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230609-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-2176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:28:34.519474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:01:21.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux 6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-09T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230609-0005/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2176",
    "datePublished": "2023-04-20T00:00:00.000Z",
    "dateReserved": "2023-04-19T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:01:21.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2166 (GCVE-0-2023-2166)

Vulnerability from cvelistv5

Published

2023-04-19 00:00

Modified

2025-02-05 15:13

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476

Summary

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.

References

URL

Tags

https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/

Impacted products

	Vendor	Product	Version
	n/a	Linux	Version: Linux Kernel version prior to Kernel 6.1 RC9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:12:20.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-2166",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T15:12:07.422598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T15:13:09.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux Kernel version prior to Kernel 6.1 RC9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-19T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2166",
    "datePublished": "2023-04-19T00:00:00.000Z",
    "dateReserved": "2023-04-18T00:00:00.000Z",
    "dateUpdated": "2025-02-05T15:13:09.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6535 (GCVE-0-2023-6535)

Vulnerability from cvelistv5

Published

2024-02-07 21:04

Modified

2025-09-25 19:21

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:0723	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0724	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0725	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0881	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0897	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1248	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2094	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3810	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6535	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2254053	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::realtime
    cpe:/a:redhat:enterprise_linux:8::nfv

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.18.1.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.18.0-477.58.1.el8_8 < * cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.el9_2 < * cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::realtime cpe:/a:redhat:rhel_eus:9.2::nfv
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-22 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-11 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v6.8.1-407 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-19 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.0.0-479 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-7 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.4.0-247 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-5 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.1.0-227 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.1-470 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v2.9.6-14 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-2 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-24 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-10 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-525 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-224 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.28.1-56 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6535",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-08T17:12:36.607009Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T15:58:14.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0723"
          },
          {
            "name": "RHSA-2024:0724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0724"
          },
          {
            "name": "RHSA-2024:0725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0725"
          },
          {
            "name": "RHSA-2024:0881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0881"
          },
          {
            "name": "RHSA-2024:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0897"
          },
          {
            "name": "RHSA-2024:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1248"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "name": "RHSA-2024:3810",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3810"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6535"
          },
          {
            "name": "RHBZ#2254053",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240415-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::realtime",
            "cpe:/a:redhat:enterprise_linux:8::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.58.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::realtime",
            "cpe:/a:redhat:rhel_eus:9.2::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
        }
      ],
      "datePublic": "2023-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T19:21:57.332Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0723"
        },
        {
          "name": "RHSA-2024:0724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0724"
        },
        {
          "name": "RHSA-2024:0725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0725"
        },
        {
          "name": "RHSA-2024:0881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "name": "RHSA-2024:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0897"
        },
        {
          "name": "RHSA-2024:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1248"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "name": "RHSA-2024:3810",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3810"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6535"
        },
        {
          "name": "RHBZ#2254053",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-11T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-11T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: null pointer dereference in nvmet_tcp_execute_request",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
        }
      ],
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6535",
    "datePublished": "2024-02-07T21:04:21.409Z",
    "dateReserved": "2023-12-05T20:50:27.727Z",
    "dateUpdated": "2025-09-25T19:21:57.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6606 (GCVE-0-2023-6606)

Vulnerability from cvelistv5

Published

2023-12-08 16:58

Modified

2025-09-26 06:27

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Summary

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:0723	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0725	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0881	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0897	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1188	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1248	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1404	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2094	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6606	vdb-entry, x_refsource_REDHAT
	https://bugzilla.kernel.org/show_bug.cgi?id=218218
	https://bugzilla.redhat.com/show_bug.cgi?id=2253611	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::realtime
    cpe:/a:redhat:enterprise_linux:8::nfv

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.18.1.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:4.18.0-372.95.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.18.0-477.51.1.el8_8 < * cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.el9_2 < * cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::realtime cpe:/a:redhat:rhel_eus:9.2::nfv
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-372.95.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-22 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-11 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v6.8.1-407 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-19 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.0.0-479 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-7 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.4.0-247 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-5 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.1.0-227 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.1-470 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v2.9.6-14 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-2 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-24 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-10 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-525 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-224 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.28.1-56 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6606",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-11T21:20:47.767463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T14:22:01.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0723"
          },
          {
            "name": "RHSA-2024:0725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0725"
          },
          {
            "name": "RHSA-2024:0881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0881"
          },
          {
            "name": "RHSA-2024:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0897"
          },
          {
            "name": "RHSA-2024:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1188"
          },
          {
            "name": "RHSA-2024:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1248"
          },
          {
            "name": "RHSA-2024:1404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1404"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6606"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
          },
          {
            "name": "RHBZ#2253611",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::realtime",
            "cpe:/a:redhat:enterprise_linux:8::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.95.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.51.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::realtime",
            "cpe:/a:redhat:rhel_eus:9.2::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.95.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-12-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-26T06:27:20.352Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0723"
        },
        {
          "name": "RHSA-2024:0725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0725"
        },
        {
          "name": "RHSA-2024:0881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "name": "RHSA-2024:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0897"
        },
        {
          "name": "RHSA-2024:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1188"
        },
        {
          "name": "RHSA-2024:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1248"
        },
        {
          "name": "RHSA-2024:1404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1404"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6606"
        },
        {
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
        },
        {
          "name": "RHBZ#2253611",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-08T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-04T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: out-of-bounds read vulnerability in smbcalcsize",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
        }
      ],
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6606",
    "datePublished": "2023-12-08T16:58:08.746Z",
    "dateReserved": "2023-12-08T07:45:03.358Z",
    "dateUpdated": "2025-09-26T06:27:20.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1073 (GCVE-0-2023-1073)

Vulnerability from cvelistv5

Published

2023-03-27 00:00

Modified

2025-04-23 16:23

Severity ?

6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119

Summary

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2173403
	https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456
	https://www.openwall.com/lists/osssecurity/2023/01/17/3
	https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	mailing-list
	http://www.openwall.com/lists/oss-security/2023/11/05/2	mailing-list
	http://www.openwall.com/lists/oss-security/2023/11/05/3	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	kernel	Version: unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:32:46.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/osssecurity/2023/01/17/3"
          },
          {
            "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          },
          {
            "name": "[oss-security] 20231105 Re: Linux Kernel: hid: type confusions on hid report_list entry",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/05/2"
          },
          {
            "name": "[oss-security] 20231105 Re: Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/05/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-1073",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:28:44.307820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:23:24.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-05T21:06:16.478Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456"
        },
        {
          "url": "https://www.openwall.com/lists/osssecurity/2023/01/17/3"
        },
        {
          "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        },
        {
          "name": "[oss-security] 20231105 Re: Linux Kernel: hid: type confusions on hid report_list entry",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/11/05/2"
        },
        {
          "name": "[oss-security] 20231105 Re: Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/11/05/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1073",
    "datePublished": "2023-03-27T00:00:00.000Z",
    "dateReserved": "2023-02-27T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:23:24.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3545 (GCVE-0-2022-3545)

Vulnerability from cvelistv5

Published

2022-10-17 00:00

Modified

2025-04-15 13:43

Severity ?

5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-119 - Memory Corruption -> CWE-416 Use After Free

Summary

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
	https://vuldb.com/?id.211045
	https://security.netapp.com/advisory/ntap-20221223-0003/
	https://www.debian.org/security/2023/dsa-5324	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	mailing-list

Impacted products

	Vendor	Product	Version
	Linux	Kernel	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:01.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.211045"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221223-0003/"
          },
          {
            "name": "DSA-5324",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5324"
          },
          {
            "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T17:08:55.254158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T13:43:19.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a"
        },
        {
          "url": "https://vuldb.com/?id.211045"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221223-0003/"
        },
        {
          "name": "DSA-5324",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5324"
        },
        {
          "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        }
      ],
      "title": "Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free",
      "x_generator": "vuldb.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2022-3545",
    "datePublished": "2022-10-17T00:00:00.000Z",
    "dateReserved": "2022-10-17T00:00:00.000Z",
    "dateUpdated": "2025-04-15T13:43:19.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4623 (GCVE-0-2023-4623)

Vulnerability from cvelistv5

Published

2023-09-06 13:56

Modified

2025-02-27 21:00

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Summary

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f	patch
	https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
	https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
	http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
	https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

Impacted products

	Vendor	Product	Version
	Linux	Kernel	Version: 2.6.12 < 6.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4623",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:52:35.435762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:00:32.991Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Kernel",
          "repo": "https://git.kernel.org",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.6",
              "status": "affected",
              "version": "2.6.12",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Budimir Markovic"
        }
      ],
      "datePublic": "2023-08-26T01:57:54.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T19:06:55.765Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
        },
        {
          "url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use-after-free in Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-4623",
    "datePublished": "2023-09-06T13:56:57.295Z",
    "dateReserved": "2023-08-30T11:58:12.267Z",
    "dateUpdated": "2025-02-27T21:00:32.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5717 (GCVE-0-2023-5717)

Vulnerability from cvelistv5

Published

2023-10-25 12:55

Modified

2025-02-13 17:25

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Summary

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06	patch
	https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
	https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
	https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html

Impacted products

	Vendor	Product	Version
	Linux	Kernel	Version: 4.4 < 6.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Kernel",
          "repo": "https://git.kernel.org",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.6",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Budimir Markovic"
        }
      ],
      "datePublic": "2023-10-19T08:09:42.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T19:06:46.196Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
        },
        {
          "url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Out-of-bounds write in Linux kernel\u0027s Linux Kernel Performance Events (perf) component",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-5717",
    "datePublished": "2023-10-25T12:55:06.871Z",
    "dateReserved": "2023-10-23T10:49:09.250Z",
    "dateUpdated": "2025-02-13T17:25:43.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6536 (GCVE-0-2023-6536)

Vulnerability from cvelistv5

Published

2024-02-07 21:05

Modified

2025-09-25 19:22

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:0723	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0724	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0725	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0881	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0897	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1248	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2094	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3810	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6536	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2254052	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::nfv
    cpe:/a:redhat:enterprise_linux:8::realtime

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.18.1.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.18.0-477.58.1.el8_8 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::nfv
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::nfv
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::crb cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::nfv cpe:/a:redhat:rhel_eus:9.2::realtime
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-22 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-11 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v6.8.1-407 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-19 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.0.0-479 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-7 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.4.0-247 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-5 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.1.0-227 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.1-470 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v2.9.6-14 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-2 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-24 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-10 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-525 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-224 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.28.1-56 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-08T14:26:21.002030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:45.294Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:13.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0723"
          },
          {
            "name": "RHSA-2024:0724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0724"
          },
          {
            "name": "RHSA-2024:0725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0725"
          },
          {
            "name": "RHSA-2024:0881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0881"
          },
          {
            "name": "RHSA-2024:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0897"
          },
          {
            "name": "RHSA-2024:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1248"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "name": "RHSA-2024:3810",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3810"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6536"
          },
          {
            "name": "RHBZ#2254052",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240415-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::nfv",
            "cpe:/a:redhat:enterprise_linux:8::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.58.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::nfv",
            "cpe:/a:redhat:rhel_eus:9.2::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
        }
      ],
      "datePublic": "2023-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T19:22:04.484Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0723"
        },
        {
          "name": "RHSA-2024:0724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0724"
        },
        {
          "name": "RHSA-2024:0725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0725"
        },
        {
          "name": "RHSA-2024:0881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "name": "RHSA-2024:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0897"
        },
        {
          "name": "RHSA-2024:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1248"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "name": "RHSA-2024:3810",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3810"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6536"
        },
        {
          "name": "RHBZ#2254052",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-11T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-11T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: null pointer dereference in __nvmet_req_complete",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
        }
      ],
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6536",
    "datePublished": "2024-02-07T21:05:13.716Z",
    "dateReserved": "2023-12-05T21:00:40.604Z",
    "dateUpdated": "2025-09-25T19:22:04.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1838 (GCVE-0-2023-1838)

Vulnerability from cvelistv5

Published

2023-04-05 00:00

Modified

2024-08-02 06:05

Severity ?

CWE

CWE-416

Summary

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

References

URL

Tags

	https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/
	https://security.netapp.com/advisory/ntap-20230517-0003/

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux Kernel prior to kernel 5.18 25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:26.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230517-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux Kernel prior to kernel 5.18 25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-17T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230517-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1838",
    "datePublished": "2023-04-05T00:00:00",
    "dateReserved": "2023-04-04T00:00:00",
    "dateUpdated": "2024-08-02T06:05:26.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6610 (GCVE-0-2023-6610)

Vulnerability from cvelistv5

Published

2023-12-08 16:58

Modified

2025-10-09 23:57

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Summary

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:0723	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0724	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0725	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0881	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0897	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1248	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1404	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2094	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6610	vdb-entry, x_refsource_REDHAT
	https://bugzilla.kernel.org/show_bug.cgi?id=218219
	https://bugzilla.redhat.com/show_bug.cgi?id=2253614	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::nfv
    cpe:/a:redhat:enterprise_linux:8::realtime

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.18.1.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/a:redhat:rhel_eus:8.6::crb
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.18.0-477.51.1.el8_8 < * cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.el9_2 < * cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::realtime cpe:/a:redhat:rhel_eus:9.2::nfv
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/a:redhat:rhel_eus:8.6::crb
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-22 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-11 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v6.8.1-407 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-19 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.0.0-479 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-7 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.4.0-247 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-5 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.1.0-227 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.1-470 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v2.9.6-14 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-2 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-24 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-10 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-525 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-224 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.28.1-56 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0723"
          },
          {
            "name": "RHSA-2024:0724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0724"
          },
          {
            "name": "RHSA-2024:0725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0725"
          },
          {
            "name": "RHSA-2024:0881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0881"
          },
          {
            "name": "RHSA-2024:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0897"
          },
          {
            "name": "RHSA-2024:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1248"
          },
          {
            "name": "RHSA-2024:1404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1404"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6610"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
          },
          {
            "name": "RHBZ#2253614",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::nfv",
            "cpe:/a:redhat:enterprise_linux:8::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.51.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::realtime",
            "cpe:/a:redhat:rhel_eus:9.2::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-12-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T23:57:48.021Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0723"
        },
        {
          "name": "RHSA-2024:0724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0724"
        },
        {
          "name": "RHSA-2024:0725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0725"
        },
        {
          "name": "RHSA-2024:0881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "name": "RHSA-2024:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0897"
        },
        {
          "name": "RHSA-2024:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1248"
        },
        {
          "name": "RHSA-2024:1404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1404"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6610"
        },
        {
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
        },
        {
          "name": "RHBZ#2253614",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-08T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-04T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: oob access in smb2_dump_detail",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
        }
      ],
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6610",
    "datePublished": "2023-12-08T16:58:09.963Z",
    "dateReserved": "2023-12-08T08:25:42.667Z",
    "dateUpdated": "2025-10-09T23:57:48.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46813 (GCVE-0-2023-46813)

Vulnerability from cvelistv5

Published

2023-10-27 00:00

Modified

2024-08-02 20:53

Severity ?

CWE

Summary

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

References

URL

Tags

	https://bugzilla.suse.com/show_bug.cgi?id=1212649
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba
	https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9
	https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:21.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T21:06:34.720403",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-46813",
    "datePublished": "2023-10-27T00:00:00",
    "dateReserved": "2023-10-27T00:00:00",
    "dateUpdated": "2024-08-02T20:53:21.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41858 (GCVE-0-2022-41858)

Vulnerability from cvelistv5

Published

2023-01-17 00:00

Modified

2025-04-07 16:46

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-416

Summary

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

References

URL

Tags

	https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798
	https://security.netapp.com/advisory/ntap-20230223-0006/

Impacted products

	Vendor	Product	Version
	n/a	Linux kernel	Version: unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230223-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41858",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T16:46:04.627051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T16:46:38.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-23T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230223-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-41858",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-07T16:46:38.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4921 (GCVE-0-2023-4921)

Vulnerability from cvelistv5

Published

2023-09-12 19:45

Modified

2025-02-13 17:18

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Summary

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8	patch
	https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8
	https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
	https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

Impacted products

	Vendor	Product	Version
	Linux	Kernel	Version: 3.8 < 6.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:52.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Kernel",
          "repo": "https://git.kernel.org",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.6",
              "status": "affected",
              "version": "3.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "valis"
        }
      ],
      "datePublic": "2023-09-05T06:54:12.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T19:06:28.103Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8"
        },
        {
          "url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use-after-free in Linux kernel\u0027s net/sched: sch_qfq component",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-4921",
    "datePublished": "2023-09-12T19:45:19.367Z",
    "dateReserved": "2023-09-12T19:22:10.389Z",
    "dateUpdated": "2025-02-13T17:18:36.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6356 (GCVE-0-2023-6356)

Vulnerability from cvelistv5

Published

2024-02-07 21:04

Modified

2025-09-25 19:21

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:0723	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0724	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0725	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0881	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0897	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1248	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2094	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3810	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6356	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2254054	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::realtime
    cpe:/a:redhat:enterprise_linux:8::nfv

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.18.1.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.18.0-477.58.1.el8_8 < * cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.el9_2 < * cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::realtime cpe:/a:redhat:rhel_eus:9.2::nfv
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-22 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-11 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v6.8.1-407 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-19 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.0.0-479 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-7 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.4.0-247 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-5 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.1.0-227 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.1-470 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v2.9.6-14 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-2 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-24 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-10 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-525 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-224 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.28.1-56 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T13:53:04.324723Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:04.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0723"
          },
          {
            "name": "RHSA-2024:0724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0724"
          },
          {
            "name": "RHSA-2024:0725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0725"
          },
          {
            "name": "RHSA-2024:0881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0881"
          },
          {
            "name": "RHSA-2024:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0897"
          },
          {
            "name": "RHSA-2024:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1248"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "name": "RHSA-2024:3810",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3810"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6356"
          },
          {
            "name": "RHBZ#2254054",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240415-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::realtime",
            "cpe:/a:redhat:enterprise_linux:8::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.58.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::realtime",
            "cpe:/a:redhat:rhel_eus:9.2::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
        }
      ],
      "datePublic": "2023-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T19:21:54.203Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0723"
        },
        {
          "name": "RHSA-2024:0724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0724"
        },
        {
          "name": "RHSA-2024:0725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0725"
        },
        {
          "name": "RHSA-2024:0881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "name": "RHSA-2024:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0897"
        },
        {
          "name": "RHSA-2024:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1248"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "name": "RHSA-2024:3810",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3810"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6356"
        },
        {
          "name": "RHBZ#2254054",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-11T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-11T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: null pointer dereference in nvmet_tcp_build_iovec",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
        }
      ],
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6356",
    "datePublished": "2024-02-07T21:04:20.684Z",
    "dateReserved": "2023-11-28T05:16:10.932Z",
    "dateUpdated": "2025-09-25T19:21:54.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0646 (GCVE-0-2024-0646)

Vulnerability from cvelistv5

Published

2024-01-17 15:16

Modified

2025-10-09 11:52

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Summary

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:0723	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0724	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0725	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0850	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0851	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0876	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0881	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0897	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1248	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1250	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1251	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1253	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1268	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1269	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1278	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1306	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1367	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1368	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1377	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1382	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1404	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2094	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-0646	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2253908	issue-tracking, x_refsource_REDHAT
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267

Impacted products

Vendor

Product

Version

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-513.18.1.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:4.18.0-193.128.1.el8_2 < * cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	Unaffected: 0:4.18.0-193.128.1.rt13.179.el8_2 < * cpe:/a:redhat:rhel_tus:8.2::realtime cpe:/a:redhat:rhel_tus:8.2::nfv
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	Unaffected: 0:4.18.0-193.128.1.el8_2 < * cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	Unaffected: 0:4.18.0-193.128.1.el8_2 < * cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	cpe:/o:redhat:rhel_e4s:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:4.18.0-305.125.1.el8_4 < * cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:4.18.0-305.125.1.rt7.201.el8_4 < * cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/a:redhat:rhel_tus:8.4::realtime
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:4.18.0-305.125.1.el8_4 < * cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:4.18.0-305.125.1.el8_4 < * cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	cpe:/o:redhat:rhel_e4s:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	cpe:/o:redhat:rhel_eus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.18.0-477.51.1.el8_8 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:5.14.0-362.24.1.el9_3 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	Unaffected: 0:5.14.0-70.93.2.el9_0 < * cpe:/o:redhat:rhel_eus:9.0::baseos cpe:/a:redhat:rhel_eus:9.0::crb cpe:/a:redhat:rhel_eus:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	Unaffected: 0:5.14.0-70.93.1.rt21.165.el9_0 < * cpe:/a:redhat:rhel_eus:9.0::nfv cpe:/a:redhat:rhel_eus:9.0::realtime
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	cpe:/o:redhat:rhel_eus:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/o:redhat:rhel_eus:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 < * cpe:/a:redhat:rhel_eus:9.2::nfv cpe:/a:redhat:rhel_eus:9.2::realtime
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	cpe:/o:redhat:rhel_eus:9.2::baseos
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Unaffected: 0:4.18.0-372.91.1.el8_6 < * cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-22 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-11 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v6.8.1-407 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-19 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.0.0-479 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-7 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.4.0-247 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-5 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v1.1.0-227 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.1-470 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v2.9.6-14 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-2 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-24 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v5.8.6-10 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-525 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.1.0-224 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	RHOL-5.8-RHEL-9	Unaffected: v0.28.1-56 < * cpe:/a:redhat:logging:5.8::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:11:35.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0723"
          },
          {
            "name": "RHSA-2024:0724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0724"
          },
          {
            "name": "RHSA-2024:0725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0725"
          },
          {
            "name": "RHSA-2024:0850",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0850"
          },
          {
            "name": "RHSA-2024:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0851"
          },
          {
            "name": "RHSA-2024:0876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0876"
          },
          {
            "name": "RHSA-2024:0881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0881"
          },
          {
            "name": "RHSA-2024:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0897"
          },
          {
            "name": "RHSA-2024:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1248"
          },
          {
            "name": "RHSA-2024:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1250"
          },
          {
            "name": "RHSA-2024:1251",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1251"
          },
          {
            "name": "RHSA-2024:1253",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1253"
          },
          {
            "name": "RHSA-2024:1268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1268"
          },
          {
            "name": "RHSA-2024:1269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1269"
          },
          {
            "name": "RHSA-2024:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1278"
          },
          {
            "name": "RHSA-2024:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1306"
          },
          {
            "name": "RHSA-2024:1367",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1367"
          },
          {
            "name": "RHSA-2024:1368",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1368"
          },
          {
            "name": "RHSA-2024:1377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1377"
          },
          {
            "name": "RHSA-2024:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1382"
          },
          {
            "name": "RHSA-2024:1404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1404"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0646"
          },
          {
            "name": "RHBZ#2253908",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0646",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T04:00:15.716357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:19:19.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "versions": [
            {
              "lessThan": "6.7-rc5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::realtime",
            "cpe:/a:redhat:enterprise_linux:8::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-513.18.1.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.128.1.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.2::realtime",
            "cpe:/a:redhat:rhel_tus:8.2::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.128.1.rt13.179.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.128.1.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.128.1.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.4::nfv",
            "cpe:/a:redhat:rhel_tus:8.4::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.rt7.201.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.51.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-362.24.1.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-70.93.2.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::nfv",
            "cpe:/a:redhat:rhel_eus:9.0::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-70.93.1.rt21.165.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/a:redhat:rhel_eus:9.2::appstream",
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::nfv",
            "cpe:/a:redhat:rhel_eus:9.2::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kpatch-patch",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.91.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-12-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T11:52:53.605Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0723"
        },
        {
          "name": "RHSA-2024:0724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0724"
        },
        {
          "name": "RHSA-2024:0725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0725"
        },
        {
          "name": "RHSA-2024:0850",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0850"
        },
        {
          "name": "RHSA-2024:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0851"
        },
        {
          "name": "RHSA-2024:0876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0876"
        },
        {
          "name": "RHSA-2024:0881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0881"
        },
        {
          "name": "RHSA-2024:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0897"
        },
        {
          "name": "RHSA-2024:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1248"
        },
        {
          "name": "RHSA-2024:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1250"
        },
        {
          "name": "RHSA-2024:1251",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1251"
        },
        {
          "name": "RHSA-2024:1253",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1253"
        },
        {
          "name": "RHSA-2024:1268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1268"
        },
        {
          "name": "RHSA-2024:1269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1269"
        },
        {
          "name": "RHSA-2024:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1278"
        },
        {
          "name": "RHSA-2024:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1306"
        },
        {
          "name": "RHSA-2024:1367",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1367"
        },
        {
          "name": "RHSA-2024:1368",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1368"
        },
        {
          "name": "RHSA-2024:1377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1377"
        },
        {
          "name": "RHSA-2024:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1382"
        },
        {
          "name": "RHSA-2024:1404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1404"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0646"
        },
        {
          "name": "RHBZ#2253908",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-17T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-07T06:30:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
        }
      ],
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0646",
    "datePublished": "2024-01-17T15:16:45.148Z",
    "dateReserved": "2024-01-17T13:11:12.669Z",
    "dateUpdated": "2025-10-09T11:52:53.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40283 (GCVE-0-2023-40283)

Vulnerability from cvelistv5

Published

2023-08-14 00:00

Modified

2024-08-02 18:31

Severity ?

CWE

Summary

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1
	https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1
	https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10
	https://www.debian.org/security/2023/dsa-5480	vendor-advisory
	https://www.debian.org/security/2023/dsa-5492	vendor-advisory
	http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
	https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html	mailing-list
	https://security.netapp.com/advisory/ntap-20231020-0007/
	http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
	https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:31:53.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10"
          },
          {
            "name": "DSA-5480",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5480"
          },
          {
            "name": "DSA-5492",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5492"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
          },
          {
            "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231020-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T19:07:21.176099",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10"
        },
        {
          "name": "DSA-5480",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5480"
        },
        {
          "name": "DSA-5492",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5492"
        },
        {
          "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
        },
        {
          "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231020-0007/"
        },
        {
          "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-40283",
    "datePublished": "2023-08-14T00:00:00",
    "dateReserved": "2023-08-14T00:00:00",
    "dateUpdated": "2024-08-02T18:31:53.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2024_0881

Vulnerability from csaf_redhat

CVE-2023-6817 (GCVE-0-2023-6817)

Vulnerability from cvelistv5

CVE-2023-45871 (GCVE-0-2023-45871)

Vulnerability from cvelistv5

CVE-2023-2176 (GCVE-0-2023-2176)

Vulnerability from cvelistv5

CVE-2023-2166 (GCVE-0-2023-2166)

Vulnerability from cvelistv5

CVE-2023-6535 (GCVE-0-2023-6535)

Vulnerability from cvelistv5

CVE-2023-6606 (GCVE-0-2023-6606)

Vulnerability from cvelistv5

CVE-2023-1073 (GCVE-0-2023-1073)

Vulnerability from cvelistv5

CVE-2022-3545 (GCVE-0-2022-3545)

Vulnerability from cvelistv5

CVE-2023-4623 (GCVE-0-2023-4623)

Vulnerability from cvelistv5

CVE-2023-5717 (GCVE-0-2023-5717)

Vulnerability from cvelistv5

CVE-2023-6536 (GCVE-0-2023-6536)

Vulnerability from cvelistv5

CVE-2023-1838 (GCVE-0-2023-1838)

Vulnerability from cvelistv5

CVE-2023-6610 (GCVE-0-2023-6610)

Vulnerability from cvelistv5

CVE-2023-46813 (GCVE-0-2023-46813)

Vulnerability from cvelistv5

CVE-2022-41858 (GCVE-0-2022-41858)

Vulnerability from cvelistv5

CVE-2023-4921 (GCVE-0-2023-4921)

Vulnerability from cvelistv5

CVE-2023-6356 (GCVE-0-2023-6356)

Vulnerability from cvelistv5

CVE-2024-0646 (GCVE-0-2024-0646)

Vulnerability from cvelistv5

CVE-2023-40283 (GCVE-0-2023-40283)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature