search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-52457 - 4d6dd370 #4520

Closed witchcraze closed 1 month ago

witchcraze commented 3 months ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-52457 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-52457 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-52457.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-52457.json

- CVE-2023-52457
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.209
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.148
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.268
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.75
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.14
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.209
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.148
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.268
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.75
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.14
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
- Reference (Commit)
  - serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
    - Fixed by
      - 5.10.209 (bc57f3ef8a9eb0180606696f586a6dcfaa175ed0)
      - 5.15.148 (828cd829483f0cda920710997aed79130b0af690)
      - 5.4.268 (b502fb43f7fb55aaf07f6092ab44657595214b93)
      - 6.1.75 (d74173bda29aba58f822175d983d07c8ed335494)
      - 6.6.14 (887a558d0298d36297daea039954c39940228d9b)
      - 6.7.2 (95e4e0031effad9837af557ecbfd4294a4d8aeee)
      - 6.8 (ad90d0358bd3b4554f243a425168fc7cebe7d04e) (upstream)
    - Will be introduced by
      - 5.10.156 (d833cba201ad)
      - 5.15.80 (e0db709a58bd)
      - 5.4.225 (2d66412563ef)
      - 6.0.10 (02eed6390dbe)
      - 6.1 (e3f0c638f428)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-52457 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 5.4.268
cpe:/o:linux:linux_kernel 5.11.0 5.15.148
cpe:/o:linux:linux_kernel 5.16 6.1.75
cpe:/o:linux:linux_kernel 5.5.0 5.10.209
cpe:/o:linux:linux_kernel 6.2.0 6.6.14
cpe:/o:linux:linux_kernel 6.7.0 6.7.2
witchcraze commented 3 months ago 
- CVE-2023-52457
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.225 up to (excluding) 5.4.268
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.156 up to (excluding) 5.10.209
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.80 up to (excluding) 5.15.148
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.0.10 up to (excluding) 6.1.75
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.14
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.2
- Reference
  - https://ubuntu.com/security/CVE-2023-52457
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.268
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.209
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.148
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.75
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.14
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.225
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.156
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.80
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.0.10
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1
- Reference (Commit)
  - serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
    - Fixed by
      - 5.4.268 (b502fb43f7fb55aaf07f6092ab44657595214b93)
      - 5.10.209 (bc57f3ef8a9eb0180606696f586a6dcfaa175ed0)
      - 5.15.148 (828cd829483f0cda920710997aed79130b0af690)
      - 6.1.75 (d74173bda29aba58f822175d983d07c8ed335494)
      - 6.6.14 (887a558d0298d36297daea039954c39940228d9b)
      - 6.7.2 (95e4e0031effad9837af557ecbfd4294a4d8aeee)
      - 6.8 (ad90d0358bd3b4554f243a425168fc7cebe7d04e) (upstream)
    - Will be introduced by
      - 5.4.225 (2d66412563ef)
      - 5.10.156 (d833cba201ad)
      - 5.15.80 (e0db709a58bd)
      - 6.0.10 (02eed6390dbe)
      - 6.1 (e3f0c638f428)
- I Checked
  - From ubuntu page
    - Introduced by e3f0c638f428fd66b5871154b62706772045f91a Fixed by ad90d0358bd3b4554f243a425168fc7cebe7d04e
  - ad90d0358bd3b4554f243a425168fc7cebe7d04e is written as upstream commit in each ChangeLog
  - e3f0c638f428fd66b5871154b62706772045f91a is written in ChangeLog-6.1
  - e3f0c638f428fd66b5871154b62706772045f91a is written as upstream commit in each ChangeLog(introduce)