Lucene search

[email protected]CVE-2023-40791

HistoryOct 16, 2023 - 3:15 a.m.

CVE-2023-40791

2023-10-1603:15:09

[email protected]

web.nvd.nist.gov

cve-2023-40791

linux kernel

lib/scatterlist.c

information security

vulnerability

nvd

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

Affected configurations

NVD

Node

linuxlinux_kernelRange<6.4.12

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph410sMatch-

AND

netapph410s_firmwareMatch-

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt6.4.12

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	6.4.12

References

cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f

lkml.org/lkml/2023/8/3/323

lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk/

security.netapp.com/advisory/ntap-20231110-0009/

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-40791

cvelist1 prion1 debiancve1 nvd1 redhatcve1 ubuntucve1 cbl_mariner1