search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-45871 - 653d8344 #4578

Closed witchcraze closed 1 week ago

witchcraze commented 2 months ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-45871 - Cvss3 : 7.5

https://www.linuxkernelcves.com/cves/CVE-2023-45871 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-45871.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-45871.json

- CVE-2023-45871
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.326
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.295
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.195
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.132
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.257
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.53
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4.16
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5.3
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.326
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.295
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.195
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.132
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.257
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.53
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.16
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - igb: set max size RX buffer when store bad packet is enabled
    - Fixed by
      - 4.14.326 (017d5c8eef06178e4148db273df03b7ad9eeb5bc)
      - 4.19.295 (981d0bc43e8d5482294432677e80a1d15f4b790d)
      - 5.10.195 (3e39008e9e3043663324f0920a5d6ebfa68cc92a)
      - 5.15.132 (be7353af5b35c8f4a11573a38b997f74f8c2ae4b)
      - 5.4.257 (c2ad60ed38b872aa971408b8b8eaad7a91501b37)
      - 6.1.53 (d2e906c725979c39ebf120a189e521ceae787d26)
      - 6.4.16 (6a9abbccaac418e965f42e8a8f6dd826e341a6f9)
      - 6.5.3 (dad92377fc6e012e481c6f4a75e32e48fe2777db)
      - 6.6 (bb5ed01cd2428cd25b1c88a3a9cba87055eb289f) (upstream)
    - Will be introduced by
      - https://github.com/torvalds/linux/commit/89eaefb61dc9
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-45871 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 6.5.3
witchcraze commented 2 months ago 
- CVE-2023-45871
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.4 up to (excluding) 4.14.326
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.295
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.257
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.195
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.132
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.53
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.4.16
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5 up to (excluding) 6.5.3
- Reference
  - https://ubuntu.com/security/CVE-2023-45871
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.326
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.295
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.257
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.195
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.132
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.53
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4.16
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - igb: set max size RX buffer when store bad packet is enabled
    - Fixed by
      - 4.14.326 (017d5c8eef06178e4148db273df03b7ad9eeb5bc)
      - 4.19.295 (981d0bc43e8d5482294432677e80a1d15f4b790d)
      - 5.4.257 (c2ad60ed38b872aa971408b8b8eaad7a91501b37)
      - 5.10.195 (3e39008e9e3043663324f0920a5d6ebfa68cc92a)
      - 5.15.132 (be7353af5b35c8f4a11573a38b997f74f8c2ae4b)
      - 6.1.53 (d2e906c725979c39ebf120a189e521ceae787d26)
      - 6.4.16 (6a9abbccaac418e965f42e8a8f6dd826e341a6f9)
      - 6.5.3 (dad92377fc6e012e481c6f4a75e32e48fe2777db)
      - 6.6 (bb5ed01cd2428cd25b1c88a3a9cba87055eb289f) (upstream)
    - Will be introduced by
      - https://github.com/torvalds/linux/commit/89eaefb61dc9 (v3.4-rc1)
- I Checked
  - From ubuntu page
    - Introduced by 89eaefb61dc9170237d95b844dd357338fc7225d Fixed by bb5ed01cd2428cd25b1c88a3a9cba87055eb289f
  - bb5ed01cd2428cd25b1c88a3a9cba87055eb289f is written as upstream commit in each ChangeLog
  - From 89eaefb61dc9 commit page, v3.4-rc1 is the most oldest in commit-branches area