Vulnerability-Lookup

CVE-2023-28938 (GCVE-0-2023-28938)

Vulnerability from cvelistv5 – Published: 2023-08-11 02:36 – Updated: 2024-10-02 14:28

Summary

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

Severity ?

3.4 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

CWE

denial of service
CWE-400 - Uncontrolled resource consumption

Assigner

intel

References

URL

	Vendor	Product	Version
	n/a	Intel(R) SSD Tools software	Affected: before version mdadm-4.2-rc2

CERTFR-2023-AVI-0640

Vulnerability from certfr_avis - Published: 2023-08-09 - Updated: 2023-08-09

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
Pilote RDMA des Contrôleurs Ethernet Intel pour linux versions antérieures à 1.9.30
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
Suite de logiciels Intel Quartus Prime Pro pour Linux before versions antérieures à 22.4
Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
Client Intel Unite pour Mac versions antérieures à 4.2.11
Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
logiciel Intel VROC versions antérieures à 8.0.0.4035
Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
Logiciel Intel Easy Streaming Wizard toutes versions [1]
Application Android Intel Support versions antérieures à v23.02.07
Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
Logiciel Intel oneMKL versions antérieures à 2022.0
Logiciel Intel DTT versions antérieures à 8.7.10801.25109
Logiciel Intel AI Hackathon versions antérieures à 2.0.0
Logiciel Intel DSA versions antérieures à 23.1.9
Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
Outils Intel oneAPI versions antérieures à 2023.1.0
BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
Logiciel Intel Manageability Commander versions antérieures à 2.3
Logiciel Intel Unison versions antérieures à 10.12
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
Outils de développement Intel PSR versions antérieures à 1.0.0.20
Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
Application Android Intel Unite versions antérieures à 4.2.3504
Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
Logiciel Intel ITS versions antérieures à 3.1
Outils de développement Intel RealSense versions antérieures à 2.53.1

[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00846 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00844 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00897 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00893 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00899 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00828 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00813 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00912 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00859 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00932 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00812 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00892 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00934 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00795 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00938 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00826 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00862 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00818 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00836 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00840 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00873 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00742 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00794 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00766 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00879 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00905 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00837 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00783 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00830 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00842 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00877 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00848 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00829 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00917 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00946 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00800 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00890 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00850 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00849 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00868 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00878 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00907 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00690 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00875 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00872 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00835 du 08 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e \u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-32617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32617"
    },
    {
      "name": "CVE-2023-27509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27509"
    },
    {
      "name": "CVE-2023-31246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31246"
    },
    {
      "name": "CVE-2023-23577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23577"
    },
    {
      "name": "CVE-2022-44611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44611"
    },
    {
      "name": "CVE-2023-28736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28736"
    },
    {
      "name": "CVE-2023-29243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29243"
    },
    {
      "name": "CVE-2023-34086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34086"
    },
    {
      "name": "CVE-2023-27392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27392"
    },
    {
      "name": "CVE-2023-24016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24016"
    },
    {
      "name": "CVE-2022-27635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
    },
    {
      "name": "CVE-2023-28823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
    },
    {
      "name": "CVE-2023-22356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22356"
    },
    {
      "name": "CVE-2023-27506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27506"
    },
    {
      "name": "CVE-2023-32547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32547"
    },
    {
      "name": "CVE-2022-36372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36372"
    },
    {
      "name": "CVE-2023-25773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25773"
    },
    {
      "name": "CVE-2023-28658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28658"
    },
    {
      "name": "CVE-2022-37343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37343"
    },
    {
      "name": "CVE-2022-36392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36392"
    },
    {
      "name": "CVE-2023-27515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27515"
    },
    {
      "name": "CVE-2022-38076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
    },
    {
      "name": "CVE-2023-27391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27391"
    },
    {
      "name": "CVE-2022-37336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37336"
    },
    {
      "name": "CVE-2023-28385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28385"
    },
    {
      "name": "CVE-2023-25944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25944"
    },
    {
      "name": "CVE-2023-29500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29500"
    },
    {
      "name": "CVE-2023-22841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22841"
    },
    {
      "name": "CVE-2022-38102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38102"
    },
    {
      "name": "CVE-2023-22444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22444"
    },
    {
      "name": "CVE-2023-32609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32609"
    },
    {
      "name": "CVE-2023-28938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28938"
    },
    {
      "name": "CVE-2023-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
    },
    {
      "name": "CVE-2023-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28714"
    },
    {
      "name": "CVE-2023-22276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22276"
    },
    {
      "name": "CVE-2023-33867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33867"
    },
    {
      "name": "CVE-2022-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
    },
    {
      "name": "CVE-2022-40982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
    },
    {
      "name": "CVE-2022-29887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29887"
    },
    {
      "name": "CVE-2023-32656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32656"
    },
    {
      "name": "CVE-2023-22449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22449"
    },
    {
      "name": "CVE-2023-25757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25757"
    },
    {
      "name": "CVE-2023-25182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25182"
    },
    {
      "name": "CVE-2022-29470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29470"
    },
    {
      "name": "CVE-2023-29494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29494"
    },
    {
      "name": "CVE-2023-28380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28380"
    },
    {
      "name": "CVE-2022-41984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41984"
    },
    {
      "name": "CVE-2023-22840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22840"
    },
    {
      "name": "CVE-2022-40964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
    },
    {
      "name": "CVE-2023-34355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34355"
    },
    {
      "name": "CVE-2022-38973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38973"
    },
    {
      "name": "CVE-2022-34657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34657"
    },
    {
      "name": "CVE-2023-29151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29151"
    },
    {
      "name": "CVE-2022-43505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43505"
    },
    {
      "name": "CVE-2022-36351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
    },
    {
      "name": "CVE-2023-34438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34438"
    },
    {
      "name": "CVE-2023-28405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28405"
    },
    {
      "name": "CVE-2023-34427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34427"
    },
    {
      "name": "CVE-2023-32663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32663"
    },
    {
      "name": "CVE-2022-41804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41804"
    },
    {
      "name": "CVE-2022-45112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45112"
    },
    {
      "name": "CVE-2023-27505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27505"
    },
    {
      "name": "CVE-2023-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33877"
    },
    {
      "name": "CVE-2023-22330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22330"
    },
    {
      "name": "CVE-2023-27887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27887"
    },
    {
      "name": "CVE-2022-43456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43456"
    },
    {
      "name": "CVE-2023-32285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32285"
    },
    {
      "name": "CVE-2022-46329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
    },
    {
      "name": "CVE-2023-32543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32543"
    },
    {
      "name": "CVE-2023-34349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34349"
    },
    {
      "name": "CVE-2023-22338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22338"
    },
    {
      "name": "CVE-2023-26587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26587"
    },
    {
      "name": "CVE-2023-30760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30760"
    },
    {
      "name": "CVE-2022-44612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44612"
    },
    {
      "name": "CVE-2023-25775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
    },
    {
      "name": "CVE-2022-27879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27879"
    },
    {
      "name": "CVE-2022-25864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25864"
    },
    {
      "name": "CVE-2023-23908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23908"
    },
    {
      "name": "CVE-2022-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38083"
    }
  ],
  "initial_release_date": "2023-08-09T00:00:00",
  "last_revision_date": "2023-08-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0640",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
    }
  ]
}

GHSA-PXXQ-FRX3-RF22

Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:51

Details

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

Severity ?

3.4 (Low)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-28938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-11T03:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.",
  "id": "GHSA-pxxq-frx3-rf22",
  "modified": "2024-04-04T06:51:32Z",
  "published": "2023-08-11T03:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28938"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-28938

Vulnerability from fkie_nvd - Published: 2023-08-11 03:15 - Updated: 2024-11-21 07:56

Severity ?

3.4 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

References

	URL	Tags
	secure@intel.com	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mdadm_project	mdadm	*
	mdadm_project	mdadm	4.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57006DDC-FD21-43BC-9DE8-6E03993FAB65",
              "versionEndExcluding": "4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mdadm_project:mdadm:4.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2D9C5AB9-778F-4A22-91E2-04A124833A49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access."
    }
  ],
  "id": "CVE-2023-28938",
  "lastModified": "2024-11-21T07:56:16.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 2.5,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-11T03:15:27.257",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "secure@intel.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-28938

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

Aliases

CVE-2023-28938

Aliases

CVE-2023-28938

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-28938",
    "id": "GSD-2023-28938"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-28938"
      ],
      "details": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.",
      "id": "GSD-2023-28938",
      "modified": "2023-12-13T01:20:47.947954Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2023-28938",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) SSD Tools software",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "before version mdadm-4.2-rc2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "denial of service"
              },
              {
                "cweId": "CWE-400",
                "lang": "eng",
                "value": "Uncontrolled resource consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html",
            "refsource": "MISC",
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mdadm_project:mdadm:4.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2023-28938"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-09-25T18:30Z",
      "publishedDate": "2023-08-11T03:15Z"
    }
  }
}

CVE-2023-28938

Vulnerability from fstec - Published: 27.07.2021

Title

Уязвимость утилиты для управления RAID-массивами Mdadm, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость утилиты для управления RAID-массивами Mdadm связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Mdadm

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 4.2-rc2 (Mdadm)

Possible Mitigations

Для Mdadm: использование рекомендаций производителя: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62 Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2023-28938 Для ОС Astra Linux: обновить пакет mdadm до 4.2-5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17 Для Astra Linux Special Edition 4.7: обновить пакет mdadm до 4.2-5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47

Reference

https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62 https://nvd.nist.gov/vuln/detail/CVE-2023-28938 https://security-tracker.debian.org/tracker/CVE-2023-28938 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47

CWE

CWE-400

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 4.2-rc2 (Mdadm)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Mdadm:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2023-28938\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 mdadm \u0434\u043e 4.2-5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 mdadm \u0434\u043e 4.2-5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.07.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.11.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07643",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-28938",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Mdadm",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RAID-\u043c\u0430\u0441\u0441\u0438\u0432\u0430\u043c\u0438 Mdadm, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RAID-\u043c\u0430\u0441\u0441\u0438\u0432\u0430\u043c\u0438 Mdadm \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28938\nhttps://security-tracker.debian.org/tracker/CVE-2023-28938\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,4)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-28938 (GCVE-0-2023-28938)

CERTFR-2023-AVI-0640

Solution

GHSA-PXXQ-FRX3-RF22

FKIE_CVE-2023-28938

GSD-2023-28938

CVE-2023-28938

Tags

Sightings

Nomenclature