CVE-2023-40791

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

Ссылки

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f
Mailing List
Patch
https://lkml.org/lkml/2023/8/3/323
Exploit
Mailing List
Third Party Advisory
https://lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk/
Mailing List
Patch
https://security.netapp.com/advisory/ntap-20231110-0009/
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f
Mailing List
Patch
https://lkml.org/lkml/2023/8/3/323
Exploit
Mailing List
Third Party Advisory
https://lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk/
Mailing List
Patch
https://security.netapp.com/advisory/ntap-20231110-0009/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 6.4.12 (исключая)

Конфигурация 2

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00042

Низкий

6.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-40791

CVSS3: 6.3

ubuntu

больше 2 лет назад

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

CVE-2023-40791

CVSS3: 6.3

redhat

больше 2 лет назад

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

CVE-2023-40791

CVSS3: 6.3

msrc

больше 2 лет назад

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation as demonstrated by a WARNING for try_grab_page.

CVE-2023-40791

CVSS3: 6.3

debian

больше 2 лет назад

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4 ...

GHSA-fmxm-fv27-gg49

CVSS3: 9.1

github

больше 2 лет назад

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.2 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

EPSS

Процентиль: 13%

0.00042

Низкий

6.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo