CVE-2023-2898 - OpenCVE

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Netapp	H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500s H500s Firmware H700s H700s Firmware

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 3 [-]

AND

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao%40kernel.org/
https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/
https://nvd.nist.gov/vuln/detail/CVE-2023-2898
https://security.netapp.com/advisory/ntap-20230929-0002/
https://www.cve.org/CVERecord?id=CVE-2023-2898
https://www.debian.org/security/2023/dsa-5480
https://www.debian.org/security/2023/dsa-5492

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-05-26T00:00:00

Updated: 2024-08-02T06:41:03.609Z

Reserved: 2023-05-25T00:00:00

Link: CVE-2023-2898

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-26T22:15:14.727

Modified: 2024-02-01T01:27:24.977

Link: CVE-2023-2898

Redhat

Severity : Low

Publid Date: 2023-05-23T00:00:00Z

Links: CVE-2023-2898 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object