CVE-2023-2008
Published Apr 14, 2023
Last updated a year ago
Overview
- Description
- A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E74E9AF8-BDF5-4917-A9CA-0AAD8E13149B",
"versionEndExcluding": "5.19"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F90471AA-9F14-4DC3-9688-99E9F537D3F1",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "4.20"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "758A1E17-EBCF-401B-83C7-B682D38D61BE",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "5.5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B43F7696-8D52-482D-9080-84279B0CB38C",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0172D3FA-DDEB-482A-A270-4A1495A8798C",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.16"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D759CCF-9E1B-41B2-81AA-CB580C5F3EEC"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3068028-F453-4A1C-B80F-3F5609ACEF60"
}
],
"operator": "OR"
}
]
}
]