2023-11-01 19:00:24 +00:00
{
"id" : "CVE-2023-5178" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2023-11-01T17:15:11.920" ,
2024-04-03 16:03:28 +00:00
"lastModified" : "2024-04-03T14:15:11.910" ,
2024-01-25 09:00:30 +00:00
"vulnStatus" : "Modified" ,
2023-11-01 19:00:24 +00:00
"descriptions" : [
{
"lang" : "en" ,
2024-02-07 21:00:27 +00:00
"value" : "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation."
2023-11-07 21:03:21 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se encontr\u00f3 una vulnerabilidad de use-after-free en drivers/nvme/target/tcp.c` en `nvmet_tcp_free_crypto` debido a un error l\u00f3gico en el subsistema NVMe-oF/TCP en el kernel de Linux. Este problema puede permitir que un usuario malintencionado cause un problema de use-after-free y double-free, lo que puede permitir la ejecuci\u00f3n remota de c\u00f3digo o provocar una escalada de privilegios locales en caso de que el atacante ya tenga privilegios locales."
2023-11-01 19:00:24 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
2023-11-09 19:00:22 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
2024-01-16 21:00:29 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2023-11-09 19:00:22 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
2024-01-16 21:00:29 +00:00
"privilegesRequired" : "NONE" ,
2023-11-09 19:00:22 +00:00
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
2024-01-16 21:00:29 +00:00
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL"
2023-11-09 19:00:22 +00:00
} ,
2024-01-16 21:00:29 +00:00
"exploitabilityScore" : 3.9 ,
2023-11-09 19:00:22 +00:00
"impactScore" : 5.9
} ,
{
"source" : "secalert@redhat.com" ,
2023-11-01 19:00:24 +00:00
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
2024-04-03 16:03:28 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
2023-11-01 19:00:24 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
2024-04-03 16:03:28 +00:00
"privilegesRequired" : "LOW" ,
2023-11-01 19:00:24 +00:00
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
2024-04-03 16:03:28 +00:00
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH"
2023-11-01 19:00:24 +00:00
} ,
2024-04-03 16:03:28 +00:00
"exploitabilityScore" : 2.8 ,
2023-11-01 19:00:24 +00:00
"impactScore" : 5.9
}
]
} ,
2023-11-07 21:03:21 +00:00
"weaknesses" : [
{
2023-11-09 19:00:22 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
} ,
{
"source" : "secalert@redhat.com" ,
2023-11-07 21:03:21 +00:00
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
}
] ,
2023-11-09 19:00:22 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "6.6" ,
"matchCriteriaId" : "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "84267A4F-DBC2-444F-B41D-69E15E1BEC97"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "FB440208-241C-4246-9A83-C1715C0DAA6C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*" ,
"matchCriteriaId" : "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*" ,
"matchCriteriaId" : "00AB783B-BE05-40E8-9A55-6AA457D95031"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*" ,
"matchCriteriaId" : "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*" ,
"matchCriteriaId" : "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4CFF558-3C47-480D-A2F0-BABF26042943"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
2024-01-16 21:00:29 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*" ,
"matchCriteriaId" : "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D452B464-1200-4B72-9A89-42DC58486191"
}
]
}
]
2023-11-09 19:00:22 +00:00
}
] ,
2023-11-01 19:00:24 +00:00
"references" : [
2023-11-21 19:00:21 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7370" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-21 19:00:21 +00:00
} ,
2023-11-21 13:00:22 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7379" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-21 13:00:22 +00:00
} ,
2023-11-21 19:00:21 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7418" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-21 19:00:21 +00:00
} ,
2023-11-28 19:00:23 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7548" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-28 19:00:23 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7549" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-28 19:00:23 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7551" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-28 19:00:23 +00:00
} ,
2023-11-29 00:55:21 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7554" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-29 00:55:21 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7557" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-29 00:55:21 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:7559" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-29 00:55:21 +00:00
} ,
2024-01-25 09:00:30 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0340" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0378" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0386" ,
"source" : "secalert@redhat.com"
2024-01-25 19:00:44 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0412" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0431" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0432" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0461" ,
"source" : "secalert@redhat.com"
2024-01-30 05:00:28 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0554" ,
"source" : "secalert@redhat.com"
2024-01-30 19:00:29 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:0575" ,
"source" : "secalert@redhat.com"
2024-03-12 17:03:45 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:1268" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:1269" ,
"source" : "secalert@redhat.com"
2024-03-12 23:03:26 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2024:1278" ,
"source" : "secalert@redhat.com"
2024-01-25 09:00:30 +00:00
} ,
2023-11-01 19:00:24 +00:00
{
"url" : "https://access.redhat.com/security/cve/CVE-2023-5178" ,
2023-11-09 19:00:22 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-01 19:00:24 +00:00
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2241924" ,
2023-11-09 19:00:22 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Third Party Advisory"
]
2023-11-01 19:00:24 +00:00
} ,
2024-01-11 23:00:28 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2024-01-11 23:00:28 +00:00
} ,
2023-11-01 19:00:24 +00:00
{
"url" : "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/" ,
2023-11-09 19:00:22 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Patch"
]
2023-12-08 21:00:22 +00:00
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20231208-0004/" ,
2024-01-16 21:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-11-01 19:00:24 +00:00
}
]
}
