CVE-2023-52672
- EPSS 0.01%
- Published 17.05.2024 14:15:10
- Last modified 21.11.2024 08:40:19
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

pipe: wakeup wr_wait after setting max_usage

In commit c73be61cede5 ("pipe: Add general notification queue support"), a regression was introduced that would lock up resized pipes under certain conditions. See the reproducer in [1].

The commit resizing the pipe ring size was moved to a different function; doing that moved the wakeup for pipe->wr_wait before actually raising pipe->max_usage. If a pipe was full before the resize occurred, it would result in the wakeup never actually triggering pipe_write.

Set @max_usage and @nr_accounted before waking writers if this isn't a watch queue.

[Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]
Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor | Product | Default status | Version | Version bound | Status |
---|---|---|---|---|---|
linux | linux_kernel | unknown | c73be61cede5 | < 162ae0e78bda | affected |
linux | linux_kernel | unknown | c73be61cede5 | < 3efbd114b915 | affected |
linux | linux_kernel | unknown | c73be61cede5 | < b87a1229d866 | affected |
linux | linux_kernel | unknown | c73be61cede5 | < 68e51bdb1194 | affected |
linux | linux_kernel | unknown | c73be61cede5 | < 6fb70694f8d1 | affected |
linux | linux_kernel | unknown | c73be61cede5 | < e95aada4cb93 | affected |
linux | linux_kernel | unknown | 5.8 | | affected |
linux | linux_kernel | unknown | 0 | < 5.8 | unaffected |
linux | linux_kernel | unknown | 5.10.210 | <= 5.11 | unaffected |
linux | linux_kernel | unknown | 5.15.149 | <= 5.16 | unaffected |
linux | linux_kernel | unknown | 6.1.76 | <= 6.2 | unaffected |
linux | linux_kernel | unknown | 6.6.15 | <= 6.7 | unaffected |
linux | linux_kernel | unknown | 6.7.3 | <= 6.8 | unaffected |
linux | linux_kernel | unknown | 6.8 | | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.01% | 0.012 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7 | 1 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.