Open witchcraze opened 1 month ago
- CVE-2023-39191
- Suggested Configuration
- OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.19 up to (excluding) 6.3
- Reference
- https://ubuntu.com/security/CVE-2023-39191
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.2.3
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3
- Introduce
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.19
- Reference (Commit)
- bpf: Fix partial dynptr stack slot reads/writes
- Fixed by
- 6.2.3 (c33007812a55612d9b2a7b85c8d04cefeeaf0d21)
- 6.3 (ef8fc7a07c0e161841779d6fe3f6acd5a05c547c) (upstream)
- Will be introduced by
- 5.19 (97e03f521050)
- bpf: Fix missing var_off check for ARG_PTR_TO_DYNPTR
- Fixed by
- 6.2.3 (489b67f268ae0270a6c3f2b49144aeeb8eee301a)
- 6.3 (79168a669d8125453c8a271115f1ffd4294e61f6) (upstream)
- Will be introduced by
- 5.19 (97e03f521050)
- bpf: Fix state pruning for STACK_DYNPTR stack slots
- Fixed by
- 6.2.3 (720d2504791a93becde81c335abcea2f42d066a7)
- 6.3 (d6fefa1105dacc8a742cdcf2f4bfb501c9e61349) (upstream)
- Will be introduced by
- 5.19 (97e03f521050)
- bpf: Avoid recomputing spi in process_dynptr_func
- Fixed by
- 6.3 (1ee72bcbe48de6dcfa44d6eba0aec6e42d04cd4d)
- Will be introduced by
- 5.19 (97e03f521050)
- bpf: Combine dynptr_get_spi and is_spi_bounds_valid
- Fixed by
- 6.3 (f5b625e5f8bbc6be8bb568a64d7906b091bc7cb0)
- Will be introduced by
- 5.19 (97e03f521050)
- bpf: Allow reinitializing unreferenced dynptr stack slots
- Fixed by
- 6.3 (379d4ba831cfa895d0cc61d88cd0e1402f35818c)
- Will be introduced by
- 5.19 (97e03f521050)
- bpf: Invalidate slices on destruction of dynptrs on stack
- Fixed by
- 6.3 (f8064ab90d6644bc8338d2d7ff6a0d6e7a1b2ef3)
- Will be introduced by
- 5.19 (97e03f521050)
- I Checked
- From Ubuntu page
- Introduced by 97e03f521050c092919591e668107b3d69c5f426 Fixed by d6fefa1105dacc8a742cdcf2f4bfb501c9e61349
- Introduced by 97e03f521050c092919591e668107b3d69c5f426 Fixed by 79168a669d8125453c8a271115f1ffd4294e61f6
- Introduced by 97e03f521050c092919591e668107b3d69c5f426 Fixed by ef8fc7a07c0e161841779d6fe3f6acd5a05c547c
- Introduced by 97e03f521050c092919591e668107b3d69c5f426 Fixed by f8064ab90d6644bc8338d2d7ff6a0d6e7a1b2ef3
- Introduced by 97e03f521050c092919591e668107b3d69c5f426 Fixed by 379d4ba831cfa895d0cc61d88cd0e1402f35818c
- Introduced by 97e03f521050c092919591e668107b3d69c5f426 Fixed by f5b625e5f8bbc6be8bb568a64d7906b091bc7cb0
- Introduced by 97e03f521050c092919591e668107b3d69c5f426 Fixed by 1ee72bcbe48de6dcfa44d6eba0aec6e42d04cd4d
- Each fix commit is written in ChangeLog-6.3
- 97e03f521050c092919591e668107b3d69c5f426 is written in ChangeLog-5.19
[CVE Configuration Update Request] Update Suggestion - CVE-2023-39191 - Cvss3 : 8.2
https://www.linuxkernelcves.com/cves/CVE-2023-39191 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-39191.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-39191.json