CHK NVD : CVE-2023-32248 - 6ad3483b

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2023-32248 - Cvss3 : 7.5

https://www.linuxkernelcves.com/cves/CVE-2023-32248 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-32248.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-32248.json

- CVE-2023-32248
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.111
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.28
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2.0 up to (excluding) 6.2.15
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.3.0 up to (excluding) 6.3.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.111
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.28
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.2.15
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
- Reference (Commit)
  - ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
    - Fixed by
      - 5.15.111 (227eb2689b44d0d60da3839b146983e73435924c)
      - 6.1.28 (a70751dd7b60eab025e97e19b6b2477c6eaf2bbb)
      - 6.2.15 (b35f6c031b87d9e51f141ff6de0ea59756a8e313)
      - 6.3.2 (1636e09779f83e10e6ed57d91ef94abcefdd206b)
      - 6.4 (3ac00a2ab69b34189942afa9e862d5170cdcb018) (upstream)
    - Will be introduced by
      - 5.15 (a848c4f15ab6)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2023-32248	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:linux:linux_kernel	6.3.9

[witchcraze]

- CVE-2023-32248
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15 up to (excluding) 5.15.111
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.28
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.2.15
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.3 up to (excluding) 6.3.2
- Reference
  - https://ubuntu.com/security/CVE-2023-32248
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.111
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.28
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.2.15
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15
- Reference (Commit)
  - ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
    - Fixed by
      - 5.15.111 (227eb2689b44d0d60da3839b146983e73435924c)
      - 6.1.28 (a70751dd7b60eab025e97e19b6b2477c6eaf2bbb)
      - 6.2.15 (b35f6c031b87d9e51f141ff6de0ea59756a8e313)
      - 6.3.2 (1636e09779f83e10e6ed57d91ef94abcefdd206b)
      - 6.4 (3ac00a2ab69b34189942afa9e862d5170cdcb018) (upstream)
    - Will be introduced by
      - 5.15 (a848c4f15ab6)
- I Checked
  - From ubuntu page
     - Introduced by a848c4f15ab6d5d405dbee7de5da71839b2bf35e Fixed by 3ac00a2ab69b34189942afa9e862d5170cdcb018
  - 3ac00a2ab69b34189942afa9e862d5170cdcb018 is written as upstream commit in each ChangeLog
  - a848c4f15ab6 is written in ChangeLog-5.15