
[DATA] CVE-2023-3773

Open rossburton opened this issue 11 months ago • 2 comments

Change Type Requested Update

CVE id number CVE-2023-3773

References The linked Red Hat bug points to a patch on LKML which resolves this issue: https://lore.kernel.org/all/[email protected]/T/#u

rossburton, Aug 07 '23 12:08

The fix has now been merged as 5e2424708da7207087934c5c75211e8584d553a0.

rossburton, Aug 25 '23 12:08

The issue was originally introduced with commit 4e484b3e969b52effd95c17f7a86f39208b2ccf4, which was part of 5.17(-rc1).

backports:

  • 5.16 with 5.16.3 as 2aabcf5947192c743b74deb2146481142bfc7a57
  • 5.15 with 5.15.17 as 2b68b42a5d05b236e0eef29266ca8fa1f92a2d5f
  • 5.10 with 5.10.94 as a0b13335a342c9083640ba0ea6fe7c8d8076cae7

5.4 did not receive a backport, so I stopped looking.

The above-mentioned fixing commit was part of 6.5(-rc7), so anything 6.5+ is unaffected.

backports:

  • 6.4 with 6.4.12 as a9020514f175ef15bb68eea9345782abfd9afea3
  • 6.1 with 6.1.47 as a442cd17019385c53bbddf3bb92d91474081916b
  • 5.15 with 5.15.128 as 8e5e967348caead2e03f047af28a4bcd79b80b9c
  • 5.10 with 5.10.194 as 614811692e21cef324d897202ad37c17d4390da3

6.3 did not receive the backport, so I stopped checking non-LTS kernels.

So that makes the affected versions:

  • 5.10.94 - 5.10.193
  • 5.15.17 - 5.15.127
  • 5.16.3 - 6.1.46
  • 6.2 - 6.4.12

KanjiMonster, Sep 27 '23 08:09
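
The version reasoning in the comment above, as an added example that is not part of the original thread or of the linux_kernel_cves project: a Python check that classifies an upstream kernel.org release string from the introducing and fixing releases listed there. It assumes that series the comment does not name follow mainline, treats the release that carries a fix backport as unaffected, and does not apply to distribution kernels, whose version strings do not reflect backported fixes. The names `SERIES`, `parse_release` and `is_affected` are illustrative.

```python
import re

# (major, minor) -> (first point release carrying the introducing commit,
#                    first point release carrying the fix, None if never fixed).
# Values come from the comment above; 6.1 and 6.4 branched after 5.17, so
# they are affected from .0.
SERIES = {
    (5, 10): (94, 194),
    (5, 15): (17, 128),
    (5, 16): (3, None),
    (6, 1): (0, 47),
    (6, 4): (0, 12),
}
INTRODUCED_MAINLINE = (5, 17)  # 4e484b3e969b, part of 5.17-rc1
FIXED_MAINLINE = (6, 5)        # 5e2424708da7, part of 6.5-rc7
FIXED_RC = 7

def parse_release(release):
    """Split 'X.Y[.Z][-rcN][-suffix]' (uname -r style) into (X, Y, Z, rc)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), int(rc) if rc else None

def is_affected(release):
    """True if this upstream release has the introducing commit but not the fix."""
    major, minor, patch, rc = parse_release(release)
    series = (major, minor)
    if series in SERIES:
        first_bad, first_fixed = SERIES[series]
        return patch >= first_bad and (first_fixed is None or patch < first_fixed)
    if series == FIXED_MAINLINE and rc is not None:
        return rc < FIXED_RC  # 6.5-rc1 .. rc6 predate the fix
    # Assumption: series not named in the comment follow mainline.
    return INTRODUCED_MAINLINE <= series < FIXED_MAINLINE

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    for rel in ("5.10.193", "5.15.128", "6.3.13", "6.4.12", "6.5.0-rc6"):
        print(rel, "affected" if is_affected(rel) else "not affected")
```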