In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
References
Link | Resource |
---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 | Mailing List Patch |
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html | Mailing List |
https://security.netapp.com/advisory/ntap-20230511-0002/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
12 Jan 2024, 17:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | () https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html - Mailing List |
11 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jun 2023, 17:23
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h700s Firmware
Debian Netapp h410c Firmware Netapp a700s Netapp 8700 Netapp h410s Firmware Netapp h700s Debian debian Linux Netapp a400 Netapp 8300 Firmware Netapp a400 Firmware Netapp c400 Firmware Netapp Netapp h410s Netapp c400 Netapp 8700 Firmware Netapp h300s Netapp h500s Firmware Netapp h300s Firmware Netapp h410c Netapp 8300 Netapp h500s Netapp a700s Firmware |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230511-0002/ - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:c400:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
11 May 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Apr 2023, 18:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 - Mailing List, Patch | |
CWE | CWE-843 | |
First Time |
Linux
Linux linux Kernel |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
27 Mar 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-27 21:15
Updated : 2024-01-12 17:43
NVD link : CVE-2023-1077
Mitre link : CVE-2023-1077
CVE.ORG link : CVE-2023-1077
JSON object : View
Products Affected
netapp
- h700s_firmware
- 8700
- h410s
- 8300
- 8700_firmware
- c400
- c400_firmware
- a700s
- h300s
- h700s
- a400
- 8300_firmware
- h410s_firmware
- h500s
- a400_firmware
- h300s_firmware
- a700s_firmware
- h410c
- h500s_firmware
- h410c_firmware
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')