Open witchcraze opened 3 days ago
- CVE-2023-5717
- Suggested Configuration
- OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.2.95 up to (excluding) 3.3
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.16.50 up to (excluding) 3.17
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4 up to (excluding) 4.14.328
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.297
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.259
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.199
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.137
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.60
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.5.9
- Reference
- https://ubuntu.com/security/CVE-2023-5717
- https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.328
- https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.297
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.259
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.199
- https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.137
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.60
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.9
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Introduce
- https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.2.95
- https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.16.50
- Reference (Commit)
- perf: Disallow mis-matched inherited group reads
- Fixed by
- 4.14.328 (555e15e93f6dbb8ce6b5b92e5272473abfe8bd2b)
- 4.19.297 (a714491fa92d2068358dd603cc50bf2062517bd8)
- 5.4.259 (7252c8b981853bb8930de44fab924f947362683f)
- 5.10.199 (487a8e24643a0effb2ba19cad3227fc75dc3c4b7)
- 5.15.137 (71d224acc4d1df1b61a294abee0f1032a9b03b40)
- 6.1.60 (f6952655a61264900ed08e9d642adad8222f8e29)
- 6.5.9 (20f925d38e1ecc1d36ee6bf6e325fb514a6f727d)
- 6.6 (32671e3799ca2e4590773fd0e63aaa4229e50c06) (upstream)
- Will be introduced by
- 3.16.50 (2bb3fde41e58)
- 3.2.95 (e4847c6f6884)
- https://github.com/torvalds/linux/commit/fa8c269353d5 (v4.4-rc1)
- I Checked
- From ubuntu page
- Introduced by fa8c269353d560b7c28119ad7617029f92e40b15 Fixed by 32671e3799ca2e4590773fd0e63aaa4229e50c06
- 32671e3799ca2e4590773fd0e63aaa4229e50c06 is written as upstream commit in each ChangeLog
- From fa8c269353d5 commit page, v4.4-rc1 is the most oldest in commit-branches area
- fa8c269353d560b7c28119ad7617029f92e40b15 is written as upstream commit in each ChangeLog(introduce)
[CVE Configuration Update Request] Update Suggestion - CVE-2023-5717 - Cvss3 : 7.8
https://www.linuxkernelcves.com/cves/CVE-2023-5717 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-5717.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-5717.json