Lucene search

[email protected]NVD:CVE-2023-1077

HistoryMar 27, 2023 - 9:15 p.m.

CVE-2023-1077

2023-03-2721:15:10

CWE-843

[email protected]

web.nvd.nist.gov

linux kernel

type confusion

vulnerability

memory corruption

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.

Affected configurations

Nvd

Node

linuxlinux_kernelRange2.6.25–4.19.293

linuxlinux_kernelRange4.20–5.4.235

linuxlinux_kernelRange5.5–5.10.173

linuxlinux_kernelRange5.11–5.15.99

linuxlinux_kernelRange5.16–6.1.16

linuxlinux_kernelRange6.2–6.2.3

Node

debiandebian_linuxMatch10.0

Node

netappa700sMatch-

AND

netappa700s_firmwareMatch-

Node

netapp8300Match-

AND

netapp8300_firmwareMatch-

Node

netapp8700Match-

AND

netapp8700_firmwareMatch-

Node

netappa400Match-

AND

netappa400_firmwareMatch-

Node

netappc400Match-

AND

netappc400_firmwareMatch-

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
netappa700s-cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
netappa700s_firmware-cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
netapp8300-cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*
netapp8300_firmware-cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
netapp8700-cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*
netapp8700_firmware-cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
netappa400-cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*
netappa400_firmware-cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
netapp	a700s	-	cpe:2.3:h:netapp:a700s:-:::::::*
netapp	a700s_firmware	-	cpe:2.3:o:netapp:a700s_firmware:-:::::::*
netapp	8300	-	cpe:2.3:h:netapp:8300:-:::::::*
netapp	8300_firmware	-	cpe:2.3:o:netapp:8300_firmware:-:::::::*
netapp	8700	-	cpe:2.3:h:netapp:8700:-:::::::*
netapp	8700_firmware	-	cpe:2.3:o:netapp:8700_firmware:-:::::::*
netapp	a400	-	cpe:2.3:h:netapp:a400:-:::::::*
netapp	a400_firmware	-	cpe:2.3:o:netapp:a400_firmware:-:::::::*