2023-05-08 23:55:29 +02:00
{
"id" : "CVE-2023-32233" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2023-05-08T20:15:20.267" ,
2023-09-28 20:00:29 +00:00
"lastModified" : "2023-09-28T19:07:11.537" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-05-08 23:55:29 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled."
}
] ,
2023-05-15 22:00:27 +02:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
2023-09-28 20:00:29 +00:00
"versionStartIncluding" : "3.13" ,
"versionEndExcluding" : "4.14.315" ,
"matchCriteriaId" : "7A2D2397-3B9A-44E9-BC19-9C562202EA30"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.15" ,
"versionEndExcluding" : "4.19.283" ,
"matchCriteriaId" : "8AC1BC2D-A61C-4368-A3F6-50DF48E2EFC5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.20" ,
"versionEndExcluding" : "5.4.243" ,
"matchCriteriaId" : "E54ACEF5-C8C1-4266-85FC-7D513FFD1DEC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5" ,
"versionEndExcluding" : "5.10.180" ,
"matchCriteriaId" : "78422AC3-CC89-479E-B4BC-62381D8F3564"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.11" ,
"versionEndExcluding" : "5.15.111" ,
"matchCriteriaId" : "2B9DD776-7F17-4F72-B94F-54BFCBC692DD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.16" ,
"versionEndExcluding" : "6.1.28" ,
"matchCriteriaId" : "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.2" ,
"versionEndExcluding" : "6.2.15" ,
"matchCriteriaId" : "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.3" ,
"versionEndExcluding" : "6.3.2" ,
"matchCriteriaId" : "38F6F330-91A0-4675-8B90-6F950471A7CC"
2023-05-15 22:00:27 +02:00
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4CFF558-3C47-480D-A2F0-BABF26042943"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
2023-09-28 20:00:29 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "27227B35-932A-4035-B39F-6A455753C0D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "489D20B9-166F-423D-8C48-A23D3026E33B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A4AD592C-222D-4C6F-B176-8145A1A5AFEC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8603654B-A8A9-4DEB-B0DD-C82E1C885749"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C855C933-F271-45E6-8E85-8D7CF2EF1BE6"
}
]
}
]
2023-05-15 22:00:27 +02:00
}
] ,
2023-05-08 23:55:29 +02:00
"references" : [
2023-06-22 16:00:29 +00:00
{
"url" : "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html" ,
2023-09-28 20:00:29 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
2023-06-22 16:00:29 +00:00
} ,
2023-05-15 23:55:27 +02:00
{
"url" : "http://www.openwall.com/lists/oss-security/2023/05/15/5" ,
2023-09-28 20:00:29 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2023-05-15 23:55:27 +02:00
} ,
2023-05-10 02:00:27 +02:00
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2196105" ,
2023-05-15 22:00:27 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking" ,
"Mitigation" ,
"Third Party Advisory"
]
2023-05-10 02:00:27 +02:00
} ,
2023-05-08 23:55:29 +02:00
{
"url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab" ,
2023-05-15 22:00:27 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Patch"
]
2023-05-08 23:55:29 +02:00
} ,
{
"url" : "https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab" ,
2023-05-15 22:00:27 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-05-08 23:55:29 +02:00
} ,
2023-06-05 22:00:26 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html" ,
2023-09-28 20:00:29 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2023-06-05 22:00:26 +00:00
} ,
2023-07-27 22:00:30 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" ,
2023-09-28 20:00:29 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2023-07-27 22:00:30 +00:00
} ,
2023-05-10 02:00:27 +02:00
{
"url" : "https://news.ycombinator.com/item?id=35879660" ,
2023-05-15 22:00:27 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-05-10 02:00:27 +02:00
} ,
2023-06-16 16:00:36 +00:00
{
"url" : "https://security.netapp.com/advisory/ntap-20230616-0002/" ,
2023-09-28 20:00:29 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2023-06-16 16:00:36 +00:00
} ,
2023-05-14 04:00:26 +02:00
{
"url" : "https://www.debian.org/security/2023/dsa-5402" ,
2023-05-15 22:00:27 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
2023-09-28 20:00:29 +00:00
"Mailing List" ,
2023-05-15 22:00:27 +02:00
"Third Party Advisory"
]
2023-05-14 04:00:26 +02:00
} ,
2023-05-08 23:55:29 +02:00
{
"url" : "https://www.openwall.com/lists/oss-security/2023/05/08/4" ,
2023-05-15 22:00:27 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Patch" ,
"Third Party Advisory"
]
2023-05-08 23:55:29 +02:00
}
]
}
