CVE-2023-23559

2023-01-1300:00:00

ubuntu.com

cve-2023-23559

integer overflow

linux kernel

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

14.2%

JSON

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel
through 6.1.5, there is an integer overflow in an addition.

Notes

Author	Note
rodrigo-zaiden	USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-208.220UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-146.163UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-69.76UNKNOWN
ubuntu22.10noarchlinux< 5.19.0-38.39UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-237.271UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1153.166UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1099.107UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1033.37UNKNOWN
ubuntu22.10noarchlinux-aws< 5.19.0-1022.23UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1116.122UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-208.220	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-146.163	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-69.76	UNKNOWN
ubuntu	22.10	noarch	linux	< 5.19.0-38.39	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-237.271	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1153.166	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1099.107	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1033.37	UNKNOWN
ubuntu	22.10	noarch	linux-aws	< 5.19.0-1022.23	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1116.122	UNKNOWN