search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-4623 - f250c118 #4498

Open witchcraze opened 1 week ago

witchcraze commented 1 week ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-4623 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-4623 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-4623.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-4623.json

- CVE-2023-4623
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.327
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.295
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.195
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.132
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.257
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.53
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4.16
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5.3
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.327
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.295
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.195
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.132
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.257
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.53
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.16
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - net/sched: sch_hfsc: Ensure inner classes have fsc curve
    - Fixed by
      - 4.14.327 (3c0bd0b79733b7f628af1c967269db339eeef8d3)
      - 4.19.295 (7c62e0c3c6e9c9c15ead63339db6a0e158d22a66)
      - 5.10.195 (b08cc6c0396fd5cfaac4ca044f2282367347c062)
      - 5.15.132 (4cf994d3f4ff42d604fae2b461bdd5195a7dfabd)
      - 5.4.257 (da13749d5ff70bb033a8f35da32cfd6e88246b2f)
      - 6.1.53 (a1e820fc7808e42b990d224f40e9b4895503ac40)
      - 6.4.16 (5293f466d41d6c2eaad8b833576ea3dbee630dc2)
      - 6.5.3 (eb07894c51c7d6bb8d00948a3e6e7b52c791e93e)
      - 6.6 (b3d26c5702c7d6c45456326e56d2ccf3f103e60f) (upstream)
    - Will be introduced by
      - 2.6.12 (1da177e4c3f4)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-4623 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 2.6.12 6.6
cpe:/o:debian:debian_linux:10.0
witchcraze commented 5 days ago 
- CVE-2023-4623
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.12 up to (excluding) 4.14.327
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.295
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.257
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.195
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.132
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.53
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.4.16
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5 up to (excluding) 6.5.3
- Reference
  - https://ubuntu.com/security/CVE-2023-4623
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.327
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.295
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.257
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.195
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.132
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.53
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.16
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - net/sched: sch_hfsc: Ensure inner classes have fsc curve
    - Fixed by
      - 4.14.327 (3c0bd0b79733b7f628af1c967269db339eeef8d3)
      - 4.19.295 (7c62e0c3c6e9c9c15ead63339db6a0e158d22a66)
      - 5.4.257 (da13749d5ff70bb033a8f35da32cfd6e88246b2f)
      - 5.10.195 (b08cc6c0396fd5cfaac4ca044f2282367347c062)
      - 5.15.132 (4cf994d3f4ff42d604fae2b461bdd5195a7dfabd)
      - 6.1.53 (a1e820fc7808e42b990d224f40e9b4895503ac40)
      - 6.4.16 (5293f466d41d6c2eaad8b833576ea3dbee630dc2)
      - 6.5.3 (eb07894c51c7d6bb8d00948a3e6e7b52c791e93e)
      - 6.6 (b3d26c5702c7d6c45456326e56d2ccf3f103e60f) (upstream)
    - Will be introduced by
      - 2.6.12 (1da177e4c3f4)
- I Checked
  - From ubuntu page
    - Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by b3d26c5702c7d6c45456326e56d2ccf3f103e60f
  - b3d26c5702c7d6c45456326e56d2ccf3f103e60f is written as upstream commit in each ChangeLog