search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-4147 - 2e53c87d #4492

Closed witchcraze closed 1 month ago

witchcraze commented 3 months ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-4147 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-4147 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-4147.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-4147.json

- CVE-2023-4147
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.190
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.124
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.43
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4.8
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.190
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.124
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.43
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.8
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5
- Reference (Commit)
  - netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
    - Fixed by
      - 5.10.190 (308a43f1521d5b7220693d0865b23e8dad3ed137)
      - 5.15.124 (5bee91121ccea8d69cea51632e9a1dd348ee49a1)
      - 6.1.43 (268cb07ef3ee17b5454a7c4b23376802c5b00c79)
      - 6.4.8 (14448359681062bf51d9c67e0264869548b79853)
      - 6.5 (0ebc1064e4874d5987722a2ddbc18f94aa53b211) (upstream)
    - Will be introduced by
      - 5.9 (d0e2c7de92c7)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-4147 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:redhat:enterprise_linux_server_aus:9.2
cpe:/o:redhat:enterprise_linux_for_real_time_for_nfv:9.0
cpe:/o:redhat:enterprise_linux_for_real_time:9.0
cpe:/o:redhat:enterprise_linux_eus:9.2
cpe:/o:redhat:enterprise_linux:9.0
cpe:/o:linux:linux_kernel:6.5:rc3
cpe:/o:linux:linux_kernel:6.5:rc2
cpe:/o:linux:linux_kernel:6.5:rc1
cpe:/o:linux:linux_kernel 6.5
cpe:/o:fedoraproject:fedora:38
cpe:/o:debian:debian_linux:12.0
cpe:/o:debian:debian_linux:11.0
cpe:/o:debian:debian_linux:10.0
witchcraze commented 3 months ago 
- CVE-2023-4147
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.9 up to (excluding) 5.10.190
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.124
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.43
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.4.8
- Reference
  - https://ubuntu.com/security/CVE-2023-4147
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.190
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.124
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.43
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.8
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.9
- Reference (Commit)
  - netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
    - Fixed by
      - 5.10.190 (308a43f1521d5b7220693d0865b23e8dad3ed137)
      - 5.15.124 (5bee91121ccea8d69cea51632e9a1dd348ee49a1)
      - 6.1.43 (268cb07ef3ee17b5454a7c4b23376802c5b00c79)
      - 6.4.8 (14448359681062bf51d9c67e0264869548b79853)
      - 6.5 (0ebc1064e4874d5987722a2ddbc18f94aa53b211) (upstream)
    - Will be introduced by
      - 5.9 (d0e2c7de92c7)
- I Checked
  - From ubuntu page
    - Introduced by d0e2c7de92c7f2b3d355ad76b0bb9fc43d1beb87 Fixed by 0ebc1064e4874d5987722a2ddbc18f94aa53b211
  - 0ebc1064e4874d5987722a2ddbc18f94aa53b211 is written as upstream commit in each ChangeLog
  - d0e2c7de92c7f2b3d355ad76b0bb9fc43d1beb87 is written in ChangeLog-5.9