← Back

CVE-2023-2008

nvd nist
Published: Apr 14, 2023Modified: May 5, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

Affected (9)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
Before 5.19
Linux Kernel
From 4.20 to 5.4.202
Linux Kernel
From 5.11 to 5.15.51
Linux Kernel
From 5.16 to 5.18.8
Linux Kernel
From 5.5 to 5.10.127
Linux Kernel
Version 5.19
Linux Kernel
Version 5.19 rc1
Linux Kernel
Version 5.19 rc2
Linux Kernel
Version 5.19 rc3

Related CWEs

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (8)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.