CHK NVD : CVE-2023-1194 - 27ffad2c

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2023-1194 - Cvss3 : 8.1

https://www.linuxkernelcves.com/cves/CVE-2023-1194 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-1194.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-1194.json

- CVE-2023-1194
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.145
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.34
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.3.0 up to (excluding) 6.3.8
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.145
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.34
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.8
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
- Reference (Commit)
  - ksmbd: fix out-of-bound read in parse_lease_state()
    - Fixed by
      - 5.15.145 (55ceeb4e1c71793e852c20ad01ffd31515303546)
      - 6.1.34 (8f2984233c87a1d08f4c45f077130590c7a2c991)
      - 6.3.8 (61dfe01204daf5469f21cc639f710f9e28e929c8)
      - 6.4 (fc6c6a3c324c1b3e93a03d0cfa3749c781f23de0) (upstream)
    - Will be introduced by
      - 5.15 (a848c4f15ab6)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2023-1194	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:linux:linux_kernel:6.4:rc5
cpe:/o:linux:linux_kernel:6.4:rc4
cpe:/o:linux:linux_kernel:6.4:rc3
cpe:/o:linux:linux_kernel:6.4:rc2
cpe:/o:linux:linux_kernel:6.4:rc1
cpe:/o:linux:linux_kernel	6.4
cpe:/o:fedoraproject:fedora:37

[witchcraze]

- CVE-2023-1194
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15 up to (excluding) 5.15.145
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.34
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.3.8
- Reference
  - https://ubuntu.com/security/CVE-2023-1194
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.145
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.34
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.8
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15
- Reference (Commit)
  - ksmbd: fix out-of-bound read in parse_lease_state()
    - Fixed by
      - 5.15.145 (55ceeb4e1c71793e852c20ad01ffd31515303546)
      - 6.1.34 (8f2984233c87a1d08f4c45f077130590c7a2c991)
      - 6.3.8 (61dfe01204daf5469f21cc639f710f9e28e929c8)
      - 6.4 (fc6c6a3c324c1b3e93a03d0cfa3749c781f23de0) (upstream)
    - Will be introduced by
      - 5.15 (a848c4f15ab6)
- I Checked
  - From ubuntu page
    - Introduced by a848c4f15ab6d5d405dbee7de5da71839b2bf35e Fixed by fc6c6a3c324c1b3e93a03d0cfa3749c781f23de0
  - fc6c6a3c324c1b3e93a03d0cfa3749c781f23de0 is written as upstream commit in each ChangeLog
  - a848c4f15ab6d5d405dbee7de5da71839b2bf35e is written in ChangeLog-5.15