Lucene search

[email protected]CVE-2023-22997

HistoryFeb 28, 2023 - 9:15 p.m.

CVE-2023-22997

2023-02-2821:15:12

CWE-476

[email protected]

web.nvd.nist.gov

linux

kernel

cve-2023-22997

module

decompress

error pointer

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Affected configurations

NVD

Node

linuxlinux_kernelRange<6.1.2

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt6.1.2

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	6.1.2

References

cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2

github.com/torvalds/linux/commit/45af1d7aae7d5520d2858f8517a1342646f015db

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-22997

prion1 cbl_mariner2 cvelist1 debiancve1 ubuntucve1 redhatcve1 nvd1 nessus1 ubuntu1 osv1 openvas1