The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
References
Link | Resource |
---|---|
https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 | Patch |
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240119-0011/ | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5480 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
History
01 Feb 2024, 01:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240119-0011/ - Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5480 - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h500s
Netapp h410c Netapp solidfire \& Hci Management Node Netapp Netapp h700s Netapp h500s Firmware Netapp h410c Firmware Netapp h300s Firmware Netapp h410s Firmware Netapp h700s Firmware Debian Debian debian Linux Netapp h410s Netapp h300s |
19 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Aug 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 May 2023, 18:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-667 | |
References | (MISC) https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 - Patch | |
First Time |
Linux linux Kernel
Linux |
24 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 23:15
Updated : 2024-02-01 01:39
NVD link : CVE-2023-2007
Mitre link : CVE-2023-2007
CVE.ORG link : CVE-2023-2007
JSON object : View
Products Affected
netapp
- h500s_firmware
- h300s_firmware
- h410c
- h410s_firmware
- solidfire_\&_hci_management_node
- h700s_firmware
- h700s
- h410c_firmware
- h500s
- h410s
- h300s
linux
- linux_kernel
debian
- debian_linux