search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-32257 - 80013423 #4436

Open witchcraze opened 2 weeks ago

witchcraze commented 2 weeks ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-32257 - Cvss3 : 8.1

https://www.linuxkernelcves.com/cves/CVE-2023-32257 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-32257.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-32257.json

- CVE-2023-32257
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.145
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.29
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2.0 up to (excluding) 6.2.16
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.3.0 up to (excluding) 6.3.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.145
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.29
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.2.16
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
- Reference (Commit)
  - ksmbd: fix racy issue from session setup and logoff
    - Fixed by
      - 5.15.145 (708c304b583d789957399dd8237f212cf8ad1e4d)
      - 6.1.29 (f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b)
      - 6.2.16 (d270631c21e68fb8016d6e231d022d7023a2df6f)
      - 6.3.2 (02f41d88f15d6b7d523e52cc3f87488f57e9265b)
      - 6.4 (f5c779b7ddbda30866cf2a27c63e34158f858c73) (upstream)
    - Will be introduced by
      - 5.15 (a848c4f15ab6)
      - 5.15 (e2f34481b24d)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-32257 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 5.15 6.1.29
cpe:/o:linux:linux_kernel 6.2 6.2.16
cpe:/o:linux:linux_kernel 6.3 6.3.2
cpe:/h:netapp:h700s:-
cpe:/h:netapp:h500s:-
cpe:/h:netapp:h410s:-
cpe:/h:netapp:h300s:-
cpe:/a:netapp:solidfire_%26_hci_storage_node:-
witchcraze commented 1 week ago 
- CVE-2023-32257
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15 up to (excluding) 5.15.145
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.29
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.2.16
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.3 up to (excluding) 6.3.2
- Reference
  - https://ubuntu.com/security/CVE-2023-32257
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.145
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.29
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.2.16
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15
- Reference (Commit)
  - ksmbd: fix racy issue from session setup and logoff
    - Fixed by
      - 5.15.145 (708c304b583d789957399dd8237f212cf8ad1e4d)
      - 6.1.29 (f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b)
      - 6.2.16 (d270631c21e68fb8016d6e231d022d7023a2df6f)
      - 6.3.2 (02f41d88f15d6b7d523e52cc3f87488f57e9265b)
      - 6.4 (f5c779b7ddbda30866cf2a27c63e34158f858c73) (upstream)
    - Will be introduced by
      - 5.15 (a848c4f15ab6)
- I Checked
  - From ubuntu page
    - Introduced by a848c4f15ab6d5d405dbee7de5da71839b2bf35e Fixed by f5c779b7ddbda30866cf2a27c63e34158f858c73
  - f5c779b7ddbda30866cf2a27c63e34158f858c73 is written as upstream commit in each ChangeLog
  - a848c4f15ab6d5d405dbee7de5da71839b2bf35e is written in ChangeLog-5.15