CHK NVD : CVE-2023-5717 - 71980ca2

[CVE Configuration Update Request] Update Suggestion - CVE-2023-5717 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-5717 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-5717.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-5717.json

- CVE-2023-5717
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.328
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.297
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.199
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.137
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.259
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.60
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5.9
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.328
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.297
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.199
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.137
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.259
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.60
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.9
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - perf: Disallow mis-matched inherited group reads
    - Fixed by
      - 4.14.328 (555e15e93f6dbb8ce6b5b92e5272473abfe8bd2b)
      - 4.19.297 (a714491fa92d2068358dd603cc50bf2062517bd8)
      - 5.10.199 (487a8e24643a0effb2ba19cad3227fc75dc3c4b7)
      - 5.15.137 (71d224acc4d1df1b61a294abee0f1032a9b03b40)
      - 5.4.259 (7252c8b981853bb8930de44fab924f947362683f)
      - 6.1.60 (f6952655a61264900ed08e9d642adad8222f8e29)
      - 6.5.9 (20f925d38e1ecc1d36ee6bf6e325fb514a6f727d)
      - 6.6 (32671e3799ca2e4590773fd0e63aaa4229e50c06) (upstream)
    - Will be introduced by
      - 3.16.50 (2bb3fde41e58)
      - 3.2.95 (e4847c6f6884)
      - https://github.com/torvalds/linux/commit/fa8c269353d5
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2023-5717	URI	Start(Ex)
cpe:/o:linux:linux_kernel:6.6:rc6
cpe:/o:linux:linux_kernel:6.6:rc5
cpe:/o:linux:linux_kernel:6.6:rc4
cpe:/o:linux:linux_kernel:6.6:rc3
cpe:/o:linux:linux_kernel:6.6:rc2
cpe:/o:linux:linux_kernel:6.6:rc1
cpe:/o:linux:linux_kernel	4.4	6.6

- CVE-2023-5717 - Suggested Configuration - OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.2.95 up to (excluding) 3.3 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.16.50 up to (excluding) 3.17 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4 up to (excluding) 4.14.328 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.297 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.259 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.199 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.137 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.60 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.5.9 - Reference - https://ubuntu.com/security/CVE-2023-5717 - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.328 - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.297 - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.259 - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.199 - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.137 - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.60 - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.9 - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6 - Introduce - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.2.95 - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.16.50 - Reference (Commit) - perf: Disallow mis-matched inherited group reads - Fixed by - 4.14.328 (555e15e93f6dbb8ce6b5b92e5272473abfe8bd2b) - 4.19.297 (a714491fa92d2068358dd603cc50bf2062517bd8) - 5.4.259 (7252c8b981853bb8930de44fab924f947362683f) - 5.10.199 (487a8e24643a0effb2ba19cad3227fc75dc3c4b7) - 5.15.137 (71d224acc4d1df1b61a294abee0f1032a9b03b40) - 6.1.60 (f6952655a61264900ed08e9d642adad8222f8e29) - 6.5.9 (20f925d38e1ecc1d36ee6bf6e325fb514a6f727d) - 6.6 (32671e3799ca2e4590773fd0e63aaa4229e50c06) (upstream) - Will be introduced by - 3.16.50 (2bb3fde41e58) - 3.2.95 (e4847c6f6884) - https://github.com/torvalds/linux/commit/fa8c269353d5 (v4.4-rc1) - I Checked - From ubuntu page - Introduced by fa8c269353d560b7c28119ad7617029f92e40b15 Fixed by 32671e3799ca2e4590773fd0e63aaa4229e50c06 - 32671e3799ca2e4590773fd0e63aaa4229e50c06 is written as upstream commit in each ChangeLog - From fa8c269353d5 commit page, v4.4-rc1 is the most oldest in commit-branches area - fa8c269353d560b7c28119ad7617029f92e40b15 is written as upstream commit in each ChangeLog(introduce)

witchcraze / NVD_CHECK

CHK NVD : CVE-2023-5717 - 71980ca2 #4528