search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-45898 - 30b5b79e #4497

Open witchcraze opened 1 week ago

witchcraze commented 1 week ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-45898 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-45898 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-45898.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-45898.json

- CVE-2023-45898
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.203
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.141
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.263
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.65
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5.4
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.203
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.141
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.263
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.65
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.4
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - ext4: fix slab-use-after-free in ext4_es_insert_extent()
    - Fixed by
      - 5.10.203 (10341e77e49fab3e095ae548ceb39335741b8fe9)
      - 5.15.141 (e33eb4997585f2e17513e3f2923080dc08cbb00b)
      - 5.4.263 (70edeedd795a634fdd99e757c7931b9e81686560)
      - 6.1.65 (8384d8c5cc398cf59ab829d71d750752002f0a21)
      - 6.5.4 (c15bf3330a9e3c01b23e59899a6a02432a62ddc3)
      - 6.6 (768d612f79822d30a1e7d132a4d4b05337ce42ec) (upstream)
    - Will be introduced by
      - 5.10.203 (5527898c6a9f)
      - 5.15.141 (859893f61906)
      - 5.4.263 (15a84cf4c785)
      - 6.1.65 (9164978bce49)
      - 6.5 (2a69c450083d)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-45898 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 6.5.4
witchcraze commented 5 days ago 
- CVE-2023-45898
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5 up to (excluding) 6.5.4
- Reference
  - https://ubuntu.com/security/CVE-2023-45898
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.263
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.203
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.141
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.65
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.4
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.263
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.203
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.141
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.65
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5
- Reference (Commit)
  - ext4: fix slab-use-after-free in ext4_es_insert_extent()
    - Fixed by
      - 5.4.263 (70edeedd795a634fdd99e757c7931b9e81686560)
      - 5.10.203 (10341e77e49fab3e095ae548ceb39335741b8fe9)
      - 5.15.141 (e33eb4997585f2e17513e3f2923080dc08cbb00b)
      - 6.1.65 (8384d8c5cc398cf59ab829d71d750752002f0a21)
      - 6.5.4 (c15bf3330a9e3c01b23e59899a6a02432a62ddc3)
      - 6.6 (768d612f79822d30a1e7d132a4d4b05337ce42ec) (upstream)
    - Will be introduced by
      - 5.4.263 (15a84cf4c785)
      - 5.10.203 (5527898c6a9f)
      - 5.15.141 (859893f61906)
      - 6.1.65 (9164978bce49)
      - 6.5 (2a69c450083d)
- I Checked
  - From ubuntu page
    - Introduced by 2a69c450083db164596c75c0f5b4d9c4c0e18eba Fixed by 768d612f79822d30a1e7d132a4d4b05337ce42ec
  - 768d612f79822d30a1e7d132a4d4b05337ce42ec is written as upstream commit in each ChangeLog
  - 2a69c450083db164596c75c0f5b4d9c4c0e18eba is written in ChangeLog-6.5
  - 2a69c450083db164596c75c0f5b4d9c4c0e18eba is written as upstream commit in each ChangeLog (introduce)