← Back

CVE-2023-1077

nvd nist
Published: Mar 27, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.

Affected (17)

Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Netapp
10 products
A700s Firmware
8300 Firmware
8700 Firmware
A400 Firmware
C400 Firmware
H300s Firmware
H500s Firmware
H700s Firmware
H410s Firmware
H410c Firmware
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 2.6.25 to 4.19.293
Linux Kernel
From 4.20 to 5.4.235
Linux Kernel
From 5.11 to 5.15.99
Linux Kernel
From 5.16 to 6.1.16
Linux Kernel
From 5.5 to 5.10.173
Linux Kernel
From 6.2 to 6.2.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A700s Firmware
All versions
Running on/withPlatform Versions
Netapp
A700s
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
8300 Firmware
All versions
Running on/withPlatform Versions
Netapp
8300
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
8700 Firmware
All versions
Running on/withPlatform Versions
Netapp
8700
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A400 Firmware
All versions
Running on/withPlatform Versions
Netapp
A400
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
C400 Firmware
All versions
Running on/withPlatform Versions
Netapp
C400
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300s Firmware
All versions
Running on/withPlatform Versions
Netapp
H300s
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H500s Firmware
All versions
Running on/withPlatform Versions
Netapp
H500s
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700s Firmware
All versions
Running on/withPlatform Versions
Netapp
H700s
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410s Firmware
All versions
Running on/withPlatform Versions
Netapp
H410s
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410c Firmware
All versions
Running on/withPlatform Versions
Netapp
H410c
All versions

Related CWEs

CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (8)

Source: secalert@redhat.com
Mailing ListPatch
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.