5.5
CVE-2023-3161
- EPSS 0.21%
- Veröffentlicht 12.06.2023 20:15:12
- Zuletzt bearbeitet 11.03.2025 15:15:39
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 6.2
Linux ≫ Linux Kernel Version6.2 Updaterc1
Linux ≫ Linux Kernel Version6.2 Updaterc2
Linux ≫ Linux Kernel Version6.2 Updaterc3
Linux ≫ Linux Kernel Version6.2 Updaterc4
Linux ≫ Linux Kernel Version6.2 Updaterc5
Linux ≫ Linux Kernel Version6.2 Updaterc6
Fedoraproject ≫ Fedora Version38
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.106 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-1335 Incorrect Bitwise Shift of Integer
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.
CWE-682 Incorrect Calculation
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
https://bugzilla.redhat.com/show_bug.cgi?id=2213485
https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be