gsd-2023-3863
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-3863", "id": "GSD-2023-3863" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-3863" ], "details": "A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.", "id": "GSD-2023-3863", "modified": "2023-12-13T01:20:54.541674Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2023-3863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kernel", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "status": "unaffected", "version": "6.5-rc1" } ] } } ] } } ] }, "vendor_name": "n/a" }, { "product": { "product_data": [ { "product_name": "Red Hat Enterprise Linux 6", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Enterprise Linux 7", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Enterprise Linux 9", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } } ] }, "vendor_name": "Red Hat" }, { "product": { "product_data": [ { "product_name": "Fedora", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } } ] }, "vendor_name": "Fedora" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue." } ] }, "impact": { "cvss": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-416", "lang": "eng", "value": "Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://access.redhat.com/security/cve/CVE-2023-3863", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2023-3863" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126" }, { "name": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10" }, { "name": "https://www.debian.org/security/2023/dsa-5480", "refsource": "MISC", "url": "https://www.debian.org/security/2023/dsa-5480" }, { "name": "https://www.debian.org/security/2023/dsa-5492", "refsource": "MISC", "url": "https://www.debian.org/security/2023/dsa-5492" }, { "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", "refsource": "MISC", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "name": "https://security.netapp.com/advisory/ntap-20240202-0002/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20240202-0002/" } ] }, "work_around": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1", "versionEndExcluding": "6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue." } ], "id": "CVE-2023-3863", "lastModified": "2024-02-02T14:15:53.857", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" } ] }, "published": "2023-07-24T15:15:09.397", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3863" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20240202-0002/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2023/dsa-5492" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "secalert@redhat.com", "type": "Secondary" } ] } } } }
Loading...