{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-23004", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T10:20:31.471Z", "dateReserved": "2023-01-11T00:00:00", "datePublished": "2023-03-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19"}, {"url": "https://github.com/torvalds/linux/commit/15342f930ebebcfe36f2415049736a77d7d2e045"}, {"name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.471Z"}, "title": "CVE Program Container", "references": [{"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19", "tags": ["x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/15342f930ebebcfe36f2415049736a77d7d2e045", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E74E9AF8-BDF5-4917-A9CA-0AAD8E13149B", "versionEndExcluding": "5.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer)."}], "id": "CVE-2023-23004", "lastModified": "2023-05-03T01:15:13.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-01T20:15:14.673", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Release Notes"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch"], "url": "https://github.com/torvalds/linux/commit/15342f930ebebcfe36f2415049736a77d7d2e045"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: incorrect check for error case in the malidp_check_pages_threshold", "id": "2182680", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182680"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-252", "details": ["In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "A NULL pointer dereference flaw was found in the Linux kernel's Mali-DP Device Driver. This flaw allows a local user to crash the system."], "name": "CVE-2023-23004", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-23004\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23004"], "threat_severity": "Moderate"}