search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-5345 - 4f154a60 #4526

Open witchcraze opened 3 days ago

witchcraze commented 3 days ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-5345 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-5345 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-5345.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-5345.json

- CVE-2023-5345
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.56
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5.6
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6
- Reference
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.56
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.6
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - fs/smb/client: Reset password pointer to NULL
    - Fixed by
      - 6.1.56 (f555a508087ab8210b4658120ac6413d6fe2b4c7)
      - 6.5.6 (0c116005af551e9cf437a9ec8c80204c2d4b1b53)
      - 6.6 (e6e43b8aa7cd3c3af686caf0c2e11819a886d705) (upstream)
    - Will be introduced by
      - 6.0.16 (a0db9c98d0d2)
      - 6.1 (a4e430c8c8ba)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-5345 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel:6.6:rc3
cpe:/o:linux:linux_kernel:6.6:rc2
cpe:/o:linux:linux_kernel:6.6:rc1
cpe:/o:linux:linux_kernel 6.6
cpe:/o:fedoraproject:fedora:39
cpe:/o:fedoraproject:fedora:38
cpe:/o:fedoraproject:fedora:37
witchcraze commented 2 days ago 
- CVE-2023-5345
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.0.16 up to (excluding) 6.1.56
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.5.6
- Reference
  - https://ubuntu.com/security/CVE-2023-5345
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.56
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.6
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.0.16
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1
- Reference (Commit)
  - fs/smb/client: Reset password pointer to NULL
    - Fixed by
      - 6.1.56 (f555a508087ab8210b4658120ac6413d6fe2b4c7)
      - 6.5.6 (0c116005af551e9cf437a9ec8c80204c2d4b1b53)
      - 6.6 (e6e43b8aa7cd3c3af686caf0c2e11819a886d705) (upstream)
    - Will be introduced by
      - 6.0.16 (a0db9c98d0d2)
      - 6.1 (a4e430c8c8ba)
- I Checked
  - From ubuntu page
    - Introduced by a4e430c8c8ba96be8c6ec4f2eb108bb8bcbee069 Fixed by e6e43b8aa7cd3c3af686caf0c2e11819a886d705
  - e6e43b8aa7cd3c3af686caf0c2e11819a886d705 is written as upstream commit in each ChangeLog
  - a4e430c8c8ba96be8c6ec4f2eb108bb8bcbee069 is written in ChangeLog-6.1
  - a4e430c8c8ba96be8c6ec4f2eb108bb8bcbee069 is written as upstream commit in ChangeLog-6.0.16