The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
References
Link | Resource |
---|---|
https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 | Patch |
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240119-0011/ | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5480 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2023-04-24T00:00:00
Updated: 2024-01-19T16:06:21.861961
Reserved: 2023-04-12T00:00:00
Link: CVE-2023-2007
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-24T23:15:18.877
Modified: 2024-02-01T01:39:22.507
Link: CVE-2023-2007
JSON object: View
Redhat Information
No data.