search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-3611 - 8d58e088 #4488

Closed witchcraze closed 1 month ago

witchcraze commented 3 months ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-3611 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-3611 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-3611.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-3611.json

- CVE-2023-3611
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.322
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.291
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.188
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.121
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.253
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.40
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4.5
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.322
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.291
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.188
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.121
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.253
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.40
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.5
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5
- Reference (Commit)
  - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
    - Fixed by
      - 4.14.322 (c3f21ea515cb4ad7db86ddb511cead2f09e1c1e6)
      - 4.19.291 (ee3bc829f9b4df96d208d58b654e400fa1f3b46c)
      - 5.10.188 (8359ee85fd6dabc5c134ed69fb22faadd8a44071)
      - 5.15.121 (91d3554ab1fc2804c36a815c0f79502d727a41e6)
      - 5.4.253 (cf8ecd6ea68099a38e94e9b82cf58f6fd4cdf3c9)
      - 6.1.40 (70feebdbfad85772ab3ef152812729cab5c6c426)
      - 6.4.5 (bd2333fa86dc520823e8c317980b29ba91ee6b87)
      - 6.5 (3e337087c3b5805fe0b8a46ba622a962880b5d64) (upstream)
    - Will be introduced by
      - https://github.com/torvalds/linux/commit/462dbc9101ac
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-3611 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel:6.5:rc1
cpe:/o:linux:linux_kernel 3.8 6.5
cpe:/o:debian:debian_linux:12.0
cpe:/o:debian:debian_linux:11.0
cpe:/o:debian:debian_linux:10.0
witchcraze commented 3 months ago 
- CVE-2023-3611
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.8 up to (excluding) 4.14.322
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15.0 up to (excluding) 4.19.291
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.253
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.188
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.121
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.40
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.4.5
- Reference
  - https://ubuntu.com/security/CVE-2023-3611
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.322
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.291
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.253
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.188
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.121
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.40
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.5
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5
- Reference (Commit)
  - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
    - Fixed by
      - 4.14.322 (c3f21ea515cb4ad7db86ddb511cead2f09e1c1e6)
      - 4.19.291 (ee3bc829f9b4df96d208d58b654e400fa1f3b46c)
      - 5.4.253 (cf8ecd6ea68099a38e94e9b82cf58f6fd4cdf3c9)
      - 5.10.188 (8359ee85fd6dabc5c134ed69fb22faadd8a44071)
      - 5.15.121 (91d3554ab1fc2804c36a815c0f79502d727a41e6)
      - 6.1.40 (70feebdbfad85772ab3ef152812729cab5c6c426)
      - 6.4.5 (bd2333fa86dc520823e8c317980b29ba91ee6b87)
      - 6.5 (3e337087c3b5805fe0b8a46ba622a962880b5d64) (upstream)
    - Will be introduced by
      - https://github.com/torvalds/linux/commit/462dbc9101ac (v3.8-rc1)
- I Checked
  - From ubuntu page
    - Introduced by 462dbc9101acd38e92eda93c0726857517a24bbd Fixed by 3e337087c3b5805fe0b8a46ba622a962880b5d64
  - 3e337087c3b5805fe0b8a46ba622a962880b5d64 is written as upstream commit in each ChangeLog
  - From 462dbc9101ac commit page, v3.8-rc1 is the most oldest in commit-branches area