ubuntucve | Ubuntu.com | UB:CVE-2023-23559
Jan 13, 2023 - 12:00 a.m.

CVE-2023-23559

Tags: cve-2023-23559, integer overflow, linux kernel

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 14.2%

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel
through 6.1.5, there is an integer overflow in an addition.

Notes

Author: rodrigo-zaiden
Note: USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < 4.15.0-208.220 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-146.163 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < 5.15.0-69.76 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux | < 5.19.0-38.39 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < 4.4.0-237.271 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1153.166 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1099.107 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1033.37 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1022.23 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1116.122 | UNKNOWN |
