Lucene search
RedhatCVELIST:CVE-2023-4273HistoryAug 09, 2023 - 2:53 p.m.
CVE-2023-4273 Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
2023-08-0914:53:44
CWE-121
redhat
www.cve.org
9
linux kernel
exfat driver
stack overflow
file name reconstruction
vulnerability
CVSS3
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
AI Score
6.9
Confidence
High
EPSS
0
Percentile
5.1%
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-362.8.1.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-362.8.1.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
}
]Related
cbl_mariner
cbl_mariner
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 3 for SLE 15 SP5) (SUSE-SU-2023:3806-1)
2024-03-04 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2023-ee241dcf80)
2023-08-15 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2023-d9509be489)
2023-08-14 00:00:00
nvd
nvd
CVE-2023-4273
2023-08-09 15:15:09
debiancve
debiancve
CVE-2023-4273
2023-08-09 15:15:09
nessus
nessus
prion
prion
Design/Logic Flaw
2023-08-09 15:15:00
redhatcve
redhatcve
CVE-2023-4273
2023-08-09 13:20:02
cve
cve
CVE-2023-4273
2023-08-09 15:15:09
redos
redos
ROS-20231024-01
2023-10-24 00:00:00
ubuntucve
ubuntucve
CVE-2023-4273
2023-08-09 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: kernel-6.4.10-200.fc38
2023-08-14 01:34:28
[SECURITY] Fedora 37 Update: kernel-6.4.10-100.fc37
2023-08-14 00:47:18
osv
osv
linux-oem-6.1 vulnerabilities
2023-09-06 12:32:04
linux-hwe-5.15, linux-oracle-5.15 vulnerabilities
2023-10-06 13:13:53
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2023-09-06 00:00:00
Linux kernel vulnerabilities
2023-10-05 00:00:00
Linux kernel vulnerabilities
2023-10-06 00:00:00
debian
debian
[SECURITY] [DSA 5492-1] linux security update
2023-09-09 21:40:04
[SECURITY] [DSA 5480-1] linux security update
2023-08-18 19:01:58
[SECURITY] [DLA 3623-1] linux-5.10 security update
2023-10-19 21:24:05
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2023-11-12 00:00:00
redhat
redhat
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-11-21 21:37:49
CVSS3
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
AI Score
6.9
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVELIST:CVE-2023-4273