witchcraze
commented
10 months ago - CVE-2023-38426
- Suggested Configuration
- OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.113
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.30
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.3.0 up to (excluding) 6.3.4
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4
- Reference
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.113
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.30
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.4
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
- Reference (Commit)
- ksmbd: fix global-out-of-bounds in smb2_find_context_vals
- Fixed by
- 5.15.113 (865be1cff2c038984fe55c9deae5461a498cfdf9)
- 6.1.30 (75378b03a90d75b1349bb03577ac8465194c883e)
- 6.3.4 (0adcdc220fa555935bb37a273f08956616f8601a)
- 6.4 (02f76c401d17e409ed45bf7887148fcc22c93c85) (upstream)
- Will be introduced by
- 5.15 (e2f34481b24d)
- I Checked
- XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
- From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
- For 3.16.35, there is related post at lkml
- For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
- XXXX
[CVE Configuration Update Request] Update Suggestion - CVE-2023-38426 - Cvss3 : 9.1
https://www.linuxkernelcves.com/cves/CVE-2023-38426 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-38426.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-38426.json