Closed witchcraze closed 1 month ago
- CVE-2023-38427
- Suggested Configuration
- OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15 up to (excluding) 5.15.145
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.34
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.3.8
- Reference
- https://ubuntu.com/security/CVE-2023-38427
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.145
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.34
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.8
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
- Introduce
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15
- Reference (Commit)
- ksmbd: fix out-of-bound read in deassemble_neg_contexts()
- Fixed by
- 5.15.145 (4adb4fbd74812aeada97e7cc6de3dad41952443e)
- 6.1.34 (bf12d7fb63b365fb766655cedcb5d5f292b0c35e)
- 6.3.8 (205279b96b5c40c60c6de4f9342416e02ee279f1)
- 6.4 (f1a411873c85b642f13b01f21b534c2bab81fc1b) (upstream)
- Will be introduced by
- 5.15 (af320a739029)
- I Checked
- From Ubuntu page
- Introduced by af320a739029f6f8c5c05e769fadaf88e9b7d34f Fixed by f1a411873c85b642f13b01f21b534c2bab81fc1b
- f1a411873c85b642f13b01f21b534c2bab81fc1b is written as upstream commit in each ChangeLog
- af320a739029f6f8c5c05e769fadaf88e9b7d34f is written in ChangeLog-5.15
[CVE Configuration Update Request] Update Suggestion - CVE-2023-38427 - Cvss3 : 9.8
https://www.linuxkernelcves.com/cves/CVE-2023-38427 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-38427.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-38427.json