6.7

CVE-2023-28772

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.27 < 4.4.276
LinuxLinux Kernel Version >= 4.5 < 4.9.276
LinuxLinux Kernel Version >= 4.10 < 4.14.240
LinuxLinux Kernel Version >= 4.15 < 4.19.198
LinuxLinux Kernel Version >= 4.20 < 5.4.133
LinuxLinux Kernel Version >= 5.5 < 5.10.51
LinuxLinux Kernel Version >= 5.11 < 5.12.18
LinuxLinux Kernel Version >= 5.13 < 5.13.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.73% 0.492
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
Vendor Advisory
Release Notes
https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7
Patch
Vendor Advisory
https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com
https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/
https://security.netapp.com/advisory/ntap-20230427-0005/
Third Party Advisory