CVE-2023-4732

EPSS 0.01%
Veröffentlicht 03.10.2023 17:15:09
Zuletzt bearbeitet 21.11.2024 08:35:51
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 9

NVD 10 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.13.19

Redhat ≫ Codeready Linux Builder Version8.0

Redhat ≫ Codeready Linux Builder For Arm64 Version8.0_aarch64

Redhat ≫ Codeready Linux Builder For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux For Real Time Version8.0

Redhat ≫ Enterprise Linux For Real Time For Nfv Version8.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.022

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-366 Race Condition within a Thread

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

https://access.redhat.com/errata/RHSA-2023:6901

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7077

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0412

https://access.redhat.com/errata/RHSA-2023:7539

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2023-4732

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2236982

Third Party Advisory

Issue Tracking