Lucene search

RedhatCVE-2023-2124

HistoryMay 15, 2023 - 10:15 p.m.

CVE-2023-2124

2023-05-1522:15:12

CWE-787

redhat

web.nvd.nist.gov

152

cve-2023-2124

linux kernel

xfs file system

memory access flaw

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange<6.4

Node

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

netapph410sMatch-

AND

netapph410s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
debiandebian_linux12.0cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
netapph300s-cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapph300s_firmware-cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapph410c-cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
netapph410c_firmware-cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
netapph410s-cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
netapph410s_firmware-cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
netapph500s-cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
debian	debian_linux	12.0	cpe:2.3:o:debian:debian_linux:12.0:::::::*
netapp	h300s	-	cpe:2.3:h:netapp:h300s:-:::::::*
netapp	h300s_firmware	-	cpe:2.3:o:netapp:h300s_firmware:-:::::::*
netapp	h410c	-	cpe:2.3:h:netapp:h410c:-:::::::*
netapp	h410c_firmware	-	cpe:2.3:o:netapp:h410c_firmware:-:::::::*
netapp	h410s	-	cpe:2.3:h:netapp:h410s:-:::::::*
netapp	h410s_firmware	-	cpe:2.3:o:netapp:h410s_firmware:-:::::::*
netapp	h500s	-	cpe:2.3:h:netapp:h500s:-:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Kernel",
    "versions": [
      {
        "version": "Linux kernel 6.4-rc1",
        "status": "affected"
      }
    ]
  }
]

References

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210

lists.debian.org/debian-lts-announce/2023/10/msg00027.html

security.netapp.com/advisory/ntap-20230622-0010/

syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e

www.debian.org/security/2023/dsa-5448

www.debian.org/security/2023/dsa-5480