CVE-2024-0565 - OpenCVE

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Netapp	Ontap Tools

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc5::::::

Configuration 2 [-]

cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:1188
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:1532
https://access.redhat.com/errata/RHSA-2024:1533
https://access.redhat.com/errata/RHSA-2024:1607
https://access.redhat.com/errata/RHSA-2024:1614
https://access.redhat.com/errata/RHSA-2024:2394
https://access.redhat.com/security/cve/CVE-2024-0565	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2258518	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://security.netapp.com/advisory/ntap-20240223-0002/	Third Party Advisory
https://www.spinics.net/lists/stable-commits/msg328851.html	Mailing List Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-15T20:02:02.639Z

Updated: 2024-07-08T17:31:40.191Z

Reserved: 2024-01-15T19:19:12.076Z

Link: CVE-2024-0565

JSON object: View

NVD Information

Status : Modified

Published: 2024-01-15T20:15:43.630

Modified: 2024-06-25T22:15:17.417

Link: CVE-2024-0565

JSON object: View

Redhat Information

No data.

CWE

CWE-191

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-0565", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-01-15T19:19:12.076Z", "datePublished": "2024-01-15T20:02:02.639Z", "dateUpdated": "2024-07-08T17:31:40.191Z"}, "containers": {"cna": {"title": "Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "6.7-rc6", "versionType": "semver"}], "packageName": "kernel", "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-513.24.1.rt7.326.el8_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-513.24.1.el8_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-372.95.1.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-477.51.1.el8_8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-427.13.1.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-427.13.1.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-284.59.1.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/o:redhat:rhel_eus:9.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-284.59.1.rt14.344.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-372.95.1.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.7.13-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "v5.7.13-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch6-rhel8", "defaultStatus": "affected", "versions": [{"version": "v6.8.1-408", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.7.13-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-proxy-rhel8", "defaultStatus": "affected", "versions": [{"version": "v1.0.0-480", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "v5.7.13-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/eventrouter-rhel8", "defaultStatus": "affected", "versions": [{"version": "v0.4.0-248", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/fluentd-rhel8", "defaultStatus": "affected", "versions": [{"version": "v1.14.6-215", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/kibana6-rhel8", "defaultStatus": "affected", "versions": [{"version": "v6.8.1-431", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/log-file-metric-exporter-rhel8", "defaultStatus": "affected", "versions": [{"version": "v1.1.0-228", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-curator5-rhel8", "defaultStatus": "affected", "versions": [{"version": "v5.8.1-471", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-loki-rhel8", "defaultStatus": "affected", "versions": [{"version": "v2.9.6-15", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-view-plugin-rhel8", "defaultStatus": "affected", "versions": [{"version": "v5.7.13-3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.7.13-27", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "v5.7.13-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/lokistack-gateway-rhel8", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-527", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/opa-openshift-rhel8", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-225", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "RHOL-5.7-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/vector-rhel8", "defaultStatus": "affected", "versions": [{"version": "v0.28.1-57", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.7::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1188", "name": "RHSA-2024:1188", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1404", "name": "RHSA-2024:1404", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1532", "name": "RHSA-2024:1532", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1533", "name": "RHSA-2024:1533", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1607", "name": "RHSA-2024:1607", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1614", "name": "RHSA-2024:1614", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2093", "name": "RHSA-2024:2093", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2394", "name": "RHSA-2024:2394", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0565", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518", "name": "RHBZ#2258518", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240223-0002/"}, {"url": "https://www.spinics.net/lists/stable-commits/msg328851.html"}], "datePublic": "2023-12-18T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)", "workarounds": [{"lang": "en", "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}], "timeline": [{"lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-07-08T17:31:40.191Z"}}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFE668C1-15AF-4C7B-8071-8E46711B501B", "versionEndExcluding": "6.7", "versionStartIncluding": "6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de lectura de memoria fuera de los l\u00edmites en receive_encrypted_standard en fs/smb/client/smb2ops.c en el subcomponente SMB Client en el kernel de Linux. Este problema se produce debido a un desbordamiento insuficiente de enteros en la longitud de memcpy, lo que provoca una denegaci\u00f3n de servicio."}], "id": "CVE-2024-0565", "lastModified": "2024-06-25T22:15:17.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-01-15T20:15:43.630", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1188"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1404"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1532"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1533"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1607"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1614"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2394"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-0565"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240223-0002/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://www.spinics.net/lists/stable-commits/msg328851.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-191"}], "source": "secalert@redhat.com", "type": "Secondary"}]}