search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-52447 - 6c3bcec2 #4508

Open witchcraze opened 6 days ago

witchcraze commented 6 days ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-52447 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-52447 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-52447.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-52447.json

- CVE-2023-52447
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.214
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.153
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.75
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.14
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.214
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.153
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.75
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.14
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
- Reference (Commit)
  - bpf: Defer the free of inner map when necessary
    - Fixed by
      - 5.10.214 (90c445799fd1dc214d7c6279c144e33a35e29ef2)
      - 5.15.153 (37d98fb9c3144c0fddf7f6e99aece9927ac8dce6)
      - 6.1.75 (62fca83303d608ad4fec3f7428c8685680bb01b0)
      - 6.6.14 (f91cd728b10c51f6d4a39957ccd56d1e802fc8ee)
      - 6.7.2 (bfd9b20c4862f41d4590fde11d70a5eeae53dcc5)
      - 6.8 (876673364161da50eed6b472d746ef88242b2368) (upstream)
    - Will be introduced by
      - 5.12 (638e4b825d52)
      - 5.9 (bba1dc0b55ac)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-52447 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 5.9.0 6.1.75
cpe:/o:linux:linux_kernel 6.2.0 6.6.14
cpe:/o:linux:linux_kernel 6.7.0 6.7.2
witchcraze commented 5 days ago 
- CVE-2023-52447
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.9 up to (excluding) 5.10.214
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.153
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.75
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.14
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.2
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.214
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.153
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.75
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.14
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.9
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.12
- Reference (Commit)
  - bpf: Defer the free of inner map when necessary
    - Fixed by
      - 5.10.214 (90c445799fd1dc214d7c6279c144e33a35e29ef2)
      - 5.15.153 (37d98fb9c3144c0fddf7f6e99aece9927ac8dce6)
      - 6.1.75 (62fca83303d608ad4fec3f7428c8685680bb01b0)
      - 6.6.14 (f91cd728b10c51f6d4a39957ccd56d1e802fc8ee)
      - 6.7.2 (bfd9b20c4862f41d4590fde11d70a5eeae53dcc5)
      - 6.8 (876673364161da50eed6b472d746ef88242b2368) (upstream)
    - Will be introduced by
      - 5.9 (bba1dc0b55ac)
      - 5.12 (638e4b825d52)
- I Checked
  - From ubuntu page
    - Introduced by bba1dc0b55ac462d24ed1228ad49800c238cd6d7 Fixed by 876673364161da50eed6b472d746ef88242b2368
    - Introduced by 638e4b825d523bed7a55e776c153049fb7716466 Fixed by 876673364161da50eed6b472d746ef88242b2368
  - 876673364161da50eed6b472d746ef88242b2368 is written as upstream commit in each ChangeLog
  - bba1dc0b55ac462d24ed1228ad49800c238cd6d7 is written in ChangeLog-5.9
  - 638e4b825d523bed7a55e776c153049fb7716466 is written in ChangeLog-5.12