CVE-2023-0160 Possibility of deadlock in libbpf function sock_hash_delete_elem

2023-07-1816:08:23

CWE-833

redhat

www.cve.org

cve-2023-0160

deadlock flaw

linux kernel

bpf subsystem

local user

system crash

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

5.1%

JSON

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "n/a",
    "versions": [
      {
        "version": "6.4-rc1",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "kernel",
    "defaultStatus": "affected"
  }
]