CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 1.7 Low

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.0004 Low (Percentile: 5.2%)

DISPUTED An issue was discovered in the Linux kernel before 6.3.3.
There is an out-of-bounds read in crc16 in lib/crc16.c when called from
fs/ext4/super.c because ext4_group_desc_csum does not properly check an
offset. NOTE: this is disputed by third parties because the kernel is not
intended to defend against attackers with the stated “When modifying the
block device while it is mounted by the filesystem” access.

Priority reason: Requires privileged access to the block device that is mounted.

Author | Note |
---|---|
rodrigo-zaiden | disputed CVE as it is claimed that it is expected to have the kernel crashed if a block device is modified while mounted. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-223.235 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-162.179 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-83.92 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-32.32 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-252.286 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1166.179 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1109.118 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1044.49 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1011.11 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1004.4 | UNKNOWN |
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3
git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31
launchpad.net/bugs/cve/CVE-2023-34256
nvd.nist.gov/vuln/detail/CVE-2023-34256
security-tracker.debian.org/tracker/CVE-2023-34256
syzkaller.appspot.com/bug?extid=8785e41224a3afd04321
ubuntu.com/security/notices/USN-6700-1
ubuntu.com/security/notices/USN-6700-2
ubuntu.com/security/notices/USN-6701-1
ubuntu.com/security/notices/USN-6701-2
ubuntu.com/security/notices/USN-6701-3
ubuntu.com/security/notices/USN-6701-4
www.cve.org/CVERecord?id=CVE-2023-34256