Lucene search
RedhatVULNRICHMENT:CVE-2023-4132HistoryAug 03, 2023 - 2:32 p.m.
CVE-2023-4132 Kernel: smsusb: use-after-free caused by do_submit_urb()
2023-08-0314:32:15
CWE-416
redhat
github.com
1
cve-2023-4132
kernel
linux
use-after-free
siano device
denial of service
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-513.5.1.rt7.307.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-513.5.1.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-372.91.1.el8_6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-477.43.1.el8_8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-372.91.1.el8_6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
}
]References
access.redhat.com/errata/RHSA-2023:6901
access.redhat.com/errata/RHSA-2023:7077
access.redhat.com/errata/RHSA-2024:0575
access.redhat.com/errata/RHSA-2024:0724
access.redhat.com/security/cve/CVE-2023-4132
bugzilla.redhat.com/show_bug.cgi?id=2221707
lists.debian.org/debian-lts-announce/2023/10/msg00027.html
security.netapp.com/advisory/ntap-20231020-0005/
www.debian.org/security/2023/dsa-5480
www.debian.org/security/2023/dsa-5492
Related
redhatcve
redhatcve
CVE-2023-4132
2023-08-03 11:21:13
prion
prion
Design/Logic Flaw
2023-08-03 15:15:00
debiancve
debiancve
CVE-2023-4132
2023-08-03 15:15:32
cvelist
cvelist
CVE-2023-4132 Kernel: smsusb: use-after-free caused by do_submit_urb()
2023-08-03 14:32:15
ubuntucve
ubuntucve
CVE-2023-4132
2023-08-03 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: kernel (CVE-2023-4132)
2023-08-31 00:00:00
Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6462-2)
2023-11-10 00:00:00
Ubuntu 18.04 ESM / 20.04 LTS : Linux kernel vulnerabilities (USN-6462-1)
2023-10-31 00:00:00
nvd
nvd
CVE-2023-4132
2023-08-03 15:15:32
cve
cve
CVE-2023-4132
2023-08-03 15:15:32
cbl_mariner
cbl_mariner
CVE-2023-4132 affecting package kernel for versions less than 5.15.126.1-1
2023-08-30 14:44:06
openvas
openvas
Ubuntu: Security Advisory (USN-6462-1)
2023-11-01 00:00:00
Ubuntu: Security Advisory (USN-6462-2)
2023-11-13 00:00:00
Ubuntu: Security Advisory (USN-6464-1)
2023-11-01 00:00:00
ubuntu
ubuntu
Linux kernel (IoT) vulnerabilities
2023-11-10 00:00:00
Linux kernel vulnerabilities
2023-10-31 00:00:00
Linux kernel vulnerabilities
2023-10-31 00:00:00
osv
osv
linux-iot vulnerabilities
2023-11-10 10:16:47
ibm
ibm
Security Bulletin: Vulnerabilities in Linux Kernel and Apache Axis can affect IBM Storage Protect Plus
2024-01-31 12:00:02
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management
2024-01-12 16:32:54
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2023-12-18 18:02:34
debian
debian
[SECURITY] [DSA 5492-1] linux security update
2023-09-09 21:40:04
[SECURITY] [DSA 5480-1] linux security update
2023-08-18 19:01:58
[SECURITY] [DLA 3623-1] linux-5.10 security update
2023-10-19 21:24:05
redhat
redhat
(RHSA-2024:0575) Important: kernel security and bug fix update
2024-01-30 12:53:19
(RHSA-2024:0724) Important: kernel security and bug fix update
2024-02-07 16:01:29
redos
redos
ROS-20230904-01
2023-09-04 00:00:00
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2023-11-14 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2023-11-17 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-11-21 21:37:49
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for VULNRICHMENT:CVE-2023-4132