Vulnerability-Lookup

CVE-2023-26605 (GCVE-0-2023-26605)

Vulnerability from cvelistv5 – Published: 2023-02-26 00:00 – Updated: 2025-05-05 16:04

Summary

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

Tags

	https://lkml.org/lkml/2023/2/22/3
	https://security.netapp.com/advisory/ntap-2023031…
	https://git.kernel.org/cgit/linux/kernel/git/torv…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:53:54.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2023/2/22/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-26605",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:29:26.813449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:04:13.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:41:03.108Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lkml.org/lkml/2023/2/22/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-26605",
    "datePublished": "2023-02-26T00:00:00.000Z",
    "dateReserved": "2023-02-26T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:04:13.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2023-26605

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

Aliases

CVE-2023-26605

Aliases

CVE-2023-26605

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-26605",
    "id": "GSD-2023-26605",
    "references": [
      "https://www.suse.com/security/cve/CVE-2023-26605.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-26605"
      ],
      "details": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.",
      "id": "GSD-2023-26605",
      "modified": "2023-12-13T01:20:53.591643Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-26605",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lkml.org/lkml/2023/2/22/3",
            "refsource": "MISC",
            "url": "https://lkml.org/lkml/2023/2/22/3"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230316-0010/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
          },
          {
            "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4",
            "refsource": "MISC",
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C15A1592-2D11-489C-A208-5474834B2E80",
                    "versionEndExcluding": "5.15.81",
                    "versionStartIncluding": "5.15.75",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "25175142-441A-4526-B1D9-18913C052F3E",
                    "versionEndExcluding": "6.0.0",
                    "versionStartIncluding": "5.19.17",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "73FC69CE-E4BD-4315-AC3C-42B1AD292E2A",
                    "versionEndExcluding": "6.0.11",
                    "versionStartIncluding": "6.0.3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
          }
        ],
        "id": "CVE-2023-26605",
        "lastModified": "2024-03-25T01:15:53.723",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-02-26T23:15:10.827",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "https://lkml.org/lkml/2023/2/22/3"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CERTFR-2023-AVI-0333

Vulnerability from certfr_avis - Published: 2023-04-21 - Updated: 2023-04-21

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code arbitraire à distance, une atteinte à l'intégrité des données, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 22.10
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-6030-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6024-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6031-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6025-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6020-1 du 14 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6029-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu LSN-0094-1 du 18 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6033-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6027-1 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-6032-1 du 19 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 22.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 16.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 22.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2023-28328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
    },
    {
      "name": "CVE-2023-1076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1076"
    },
    {
      "name": "CVE-2023-1281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2022-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
    },
    {
      "name": "CVE-2023-26606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26606"
    },
    {
      "name": "CVE-2023-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
    },
    {
      "name": "CVE-2023-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
    },
    {
      "name": "CVE-2023-28866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28866"
    },
    {
      "name": "CVE-2023-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
    },
    {
      "name": "CVE-2022-4842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4842"
    },
    {
      "name": "CVE-2022-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
    },
    {
      "name": "CVE-2023-1074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
    },
    {
      "name": "CVE-2022-36280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
    },
    {
      "name": "CVE-2022-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2022-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
    },
    {
      "name": "CVE-2022-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
    },
    {
      "name": "CVE-2022-41849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
    },
    {
      "name": "CVE-2023-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1032"
    },
    {
      "name": "CVE-2023-1670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1670"
    },
    {
      "name": "CVE-2023-26607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
    },
    {
      "name": "CVE-2023-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
    },
    {
      "name": "CVE-2023-23559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
    },
    {
      "name": "CVE-2023-26605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26605"
    },
    {
      "name": "CVE-2023-22997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22997"
    },
    {
      "name": "CVE-2023-1990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
    },
    {
      "name": "CVE-2022-21505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21505"
    },
    {
      "name": "CVE-2023-1998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
    },
    {
      "name": "CVE-2023-26545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
    },
    {
      "name": "CVE-2021-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
    },
    {
      "name": "CVE-2023-25012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
    },
    {
      "name": "CVE-2023-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1095"
    },
    {
      "name": "CVE-2023-1118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2023-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
    },
    {
      "name": "CVE-2022-3424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
    },
    {
      "name": "CVE-2022-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3108"
    },
    {
      "name": "CVE-2023-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
    },
    {
      "name": "CVE-2023-30456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
    },
    {
      "name": "CVE-2023-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
    },
    {
      "name": "CVE-2023-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
    },
    {
      "name": "CVE-2023-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
    },
    {
      "name": "CVE-2023-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1652"
    },
    {
      "name": "CVE-2023-0468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0468"
    },
    {
      "name": "CVE-2023-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1583"
    }
  ],
  "initial_release_date": "2023-04-21T00:00:00",
  "last_revision_date": "2023-04-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0333",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6030-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6030-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6024-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6024-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6031-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6031-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6025-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6025-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6020-1 du 14 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6020-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6029-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6029-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0094-1 du 18 avril 2023",
      "url": "https://ubuntu.com/security/notices/LSN-0094-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6033-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6033-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6027-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6027-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6032-1 du 19 avril 2023",
      "url": "https://ubuntu.com/security/notices/USN-6032-1"
    }
  ]
}

CERTFR-2023-AVI-0244

Vulnerability from certfr_avis - Published: 2023-03-17 - Updated: 2023-03-17

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 22.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-5962-1 du 16 mars 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-5951-1 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-5950-1 du 14 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 22.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 22.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-47521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47521"
    },
    {
      "name": "CVE-2022-47520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
    },
    {
      "name": "CVE-2023-0461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2022-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
    },
    {
      "name": "CVE-2022-42329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2022-47518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
    },
    {
      "name": "CVE-2023-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
    },
    {
      "name": "CVE-2022-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
    },
    {
      "name": "CVE-2022-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
    },
    {
      "name": "CVE-2022-45869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
    },
    {
      "name": "CVE-2022-36280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2022-3344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3344"
    },
    {
      "name": "CVE-2023-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
    },
    {
      "name": "CVE-2022-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
    },
    {
      "name": "CVE-2023-26605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26605"
    },
    {
      "name": "CVE-2022-42328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2023-20938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20938"
    },
    {
      "name": "CVE-2022-3424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
    },
    {
      "name": "CVE-2022-47519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47519"
    },
    {
      "name": "CVE-2023-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
    },
    {
      "name": "CVE-2022-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2022-3521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
    },
    {
      "name": "CVE-2023-0468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0468"
    }
  ],
  "initial_release_date": "2023-03-17T00:00:00",
  "last_revision_date": "2023-03-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0244",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5962-1 du 16 mars 2023",
      "url": "https://ubuntu.com/security/notices/USN-5962-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5951-1 du 14 mars 2023",
      "url": "https://ubuntu.com/security/notices/USN-5951-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5950-1 du 14 mars 2023",
      "url": "https://ubuntu.com/security/notices/USN-5950-1"
    }
  ]
}

CERTFR-2023-AVI-0399

Vulnerability from certfr_avis - Published: 2023-05-19 - Updated: 2023-05-19

De multiples vulnérabilités ont été découvertes dans les produits NetApp HCI. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un déni de service.

Solution

Important : l'éditeur ne prévoit pas de publier de correctifs de sécurité (cf. section Documentation). Le CERT-FR recommande de remplacer les produits obsolètes Netapp HCI par des solutions maintenues à jour.

Contournement provisoire

Le CERT-FR recommande de cloisonner l'accès au composant BMC.

NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S
NetApp HCI Baseboard Management Controller (BMC) - H410C

Ces produits ne sont plus maintenus par l'éditeur.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité NetApp NTAP-20230511-0003 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230331-0004 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230413-0010 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230309-0004 du 17 mai 2023	None	vendor-advisory
Bulletin de sécurité NetApp NTAP-20230316-0010 du 17 mai 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eNetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S\u003c/li\u003e \u003cli\u003eNetApp HCI Baseboard Management Controller (BMC) - H410C\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eCes produits ne sont plus maintenus par l\u0027\u00e9diteur.\u003c/p\u003e ",
  "content": "## Solution\n\nImportant : l\u0027\u00e9diteur ne pr\u00e9voit pas de publier de correctifs de\ns\u00e9curit\u00e9 (cf. section Documentation). Le CERT-FR recommande de remplacer\nles produits obsol\u00e8tes Netapp HCI par des solutions maintenues \u00e0 jour.\n\n\u00a0\n\n## Contournement provisoire\n\nLe CERT-FR recommande de cloisonner l\u0027acc\u00e8s au composant BMC.\n",
  "cves": [
    {
      "name": "CVE-2023-26606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26606"
    },
    {
      "name": "CVE-2023-23000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23000"
    },
    {
      "name": "CVE-2023-0030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0030"
    },
    {
      "name": "CVE-2023-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
    },
    {
      "name": "CVE-2023-26607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
    },
    {
      "name": "CVE-2023-26605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26605"
    },
    {
      "name": "CVE-2023-22995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22995"
    },
    {
      "name": "CVE-2023-26544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26544"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    }
  ],
  "initial_release_date": "2023-05-19T00:00:00",
  "last_revision_date": "2023-05-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eNetApp HCI\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp HCI",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230511-0003 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230511-0003/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230331-0004 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230331-0004/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230413-0010 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230413-0010/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230309-0004 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230309-0004/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230316-0010 du 17 mai 2023",
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
    }
  ]
}

FKIE_CVE-2023-26605

Vulnerability from fkie_nvd - Published: 2023-02-26 23:15 - Updated: 2025-05-05 16:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

References

URL	Tags
cve@mitre.org	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4
cve@mitre.org	https://lkml.org/lkml/2023/2/22/3	Exploit
cve@mitre.org	https://security.netapp.com/advisory/ntap-20230316-0010/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4
af854a3a-2127-422b-91ae-364da2661108	https://lkml.org/lkml/2023/2/22/3	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230316-0010/	Third Party Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15A1592-2D11-489C-A208-5474834B2E80",
              "versionEndExcluding": "5.15.81",
              "versionStartIncluding": "5.15.75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25175142-441A-4526-B1D9-18913C052F3E",
              "versionEndExcluding": "6.0.0",
              "versionStartIncluding": "5.19.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FC69CE-E4BD-4315-AC3C-42B1AD292E2A",
              "versionEndExcluding": "6.0.11",
              "versionStartIncluding": "6.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid."
    }
  ],
  "id": "CVE-2023-26605",
  "lastModified": "2025-05-05T16:15:31.580",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-26T23:15:10.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://lkml.org/lkml/2023/2/22/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://lkml.org/lkml/2023/2/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2023-26605

Vulnerability from fstec - Published: 21.02.2023

Title

Уязвимость функции inode_cgwb_move_to_attached() компонента fs/fs-writeback.c ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функции inode_cgwb_move_to_attached() компонента fs/fs-writeback.c ядра операционных систем Linux связана с использованием памяти после ее освобождения. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, АО "НППКТ"

Software Name

Linux, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

от 5.15.75 до 5.15.80 включительно (Linux), до 2.9 (ОСОН ОСнова Оnyx), от 5.19.17 до 6.1 (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux; https://lkml.org/lkml/2023/2/22/3 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения linux до версии 5.15.140-1.oasnova221

Reference

https://lkml.org/lkml/2023/2/22/3 https://gist.github.com/oswalpalash/bed0eba75def3cdd34a285428e9bcdc4 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 5.15.75 \u0434\u043e 5.15.80 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 5.19.17 \u0434\u043e 6.1 (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux;\nhttps://lkml.org/lkml/2023/2/22/3\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.15.140-1.oasnova221",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.02.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.03.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01111",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-26605",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.15.75 \u0434\u043e 5.15.80 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.19.17 \u0434\u043e 6.1 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 inode_cgwb_move_to_attached() \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 fs/fs-writeback.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 inode_cgwb_move_to_attached() \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 fs/fs-writeback.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lkml.org/lkml/2023/2/22/3\nhttps://gist.github.com/oswalpalash/bed0eba75def3cdd34a285428e9bcdc4\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

GHSA-95XH-QWG7-2R9X

Vulnerability from github – Published: 2023-02-27 00:30 – Updated: 2024-03-25 03:31

Details

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-26605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-26T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.",
  "id": "GHSA-95xh-qwg7-2r9x",
  "modified": "2024-03-25T03:31:43Z",
  "published": "2023-02-27T00:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26605"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"
    },
    {
      "type": "WEB",
      "url": "https://lkml.org/lkml/2023/2/22/3"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230316-0010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-26605 (GCVE-0-2023-26605)

GSD-2023-26605

CERTFR-2023-AVI-0333

Solution

CERTFR-2023-AVI-0244

Solution

CERTFR-2023-AVI-0399

Solution

Contournement provisoire

FKIE_CVE-2023-26605

CVE-2023-26605

GHSA-95XH-QWG7-2R9X

Tags

Sightings

Nomenclature