Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-52824

Опубликовано: 21 мая 2024
Источник: redhat
CVSS3: 0

Описание

[REJECTED CVE] A memory handling vulnerability was identified in the Linux kernel's watch_queue subsystem. The issue stems from the lack of overflow checks when duplicating a user-space array with memdup_user(). This could allow an attacker to exploit the absence of safeguards, potentially leading to a denial-of-service condition.

Отчет

This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2024052415-REJECTED-6782@gregkh/T/ Red Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies. If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

https://bugzilla.redhat.com/show_bug.cgi?id=2282694kernel: kernel: watch_queue: copy user-array safely

0 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-52824

ubuntu
больше 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

nvd логотип

CVE-2023-52824

nvd
больше 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

github логотип

GHSA-f767-54f7-4qgq

github
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: kernel: watch_queue: copy user-array safely Currently, there is no overflow-check with memdup_user(). Use the new function memdup_array_user() instead of memdup_user() for duplicating the user-space array safely.

0 Low

CVSS3