CVE-2023-35825 - Vulnerability Details

Vendors	Products
Redhat	Enterprise Linux Rhel Eus Rhev Hypervisor

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2023:6901	2023-11-14T00:00:00Z
kernel-0:4.18.0-513.5.1.el8_9	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:7077	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.91.1.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:0724	2024-02-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.43.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:0575	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-362.8.1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6583	2023-11-07T00:00:00Z
kernel-0:5.14.0-362.8.1.el9_3	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:6583	2023-11-07T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.91.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0724	2024-02-07T00:00:00Z

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2023-35825
https://www.cve.org/CVERecord?id=CVE-2023-35825

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2023-35825", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-06-19T00:00:00", "dateRejected": "2023-06-19T00:00:00", "dateReserved": "2023-06-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-19T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate is a reservation duplicate of CVE-2023-3141. Notes: All CVE users should reference CVE-2023-3141 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."}]}}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.0 (string)

cveMetadata : { »

state : REJECTED (string)

cveId : CVE-2023-35825 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2023-06-19T00:00:00 (string)

dateRejected : 2023-06-19T00:00:00 (string)

dateReserved : 2023-06-18T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-06-19T00:00:00 (string)

}

rejectedReasons : [ »

0 : { »

lang : en (string)

value : DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate is a reservation duplicate of CVE-2023-3141. Notes: All CVE users should reference CVE-2023-3141 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2023:6901", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:7077", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-513.5.1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0575", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.43.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-02-07T00:00:00Z"}], "bugzilla": {"description": "kernel: r592: race condition leading to use-after-free in r592_remove()", "id": "2215837", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215837"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-362->CWE-416", "details": ["A race condition was found in the Linux kernel's r592 device driver, when removing the module before cleanup in the r592_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors."], "name": "CVE-2023-35825", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-35825\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35825"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2023:6901 (string)

cpe : cpe:/a:redhat:enterprise_linux:8::nfv (string)

package : kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-11-14T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2023:7077 (string)

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

package : kernel-0:4.18.0-513.5.1.el8_9 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-11-14T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2024:0724 (string)

cpe : cpe:/o:redhat:rhel_eus:8.6 (string)

package : kernel-0:4.18.0-372.91.1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2024-02-07T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2024:0575 (string)

cpe : cpe:/o:redhat:rhel_eus:8.8 (string)

package : kernel-0:4.18.0-477.43.1.el8_8 (string)

product_name : Red Hat Enterprise Linux 8.8 Extended Update Support (string)

release_date : 2024-01-30T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2023:6583 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-362.8.1.el9_3 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-11-07T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2023:6583 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-362.8.1.el9_3 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-11-07T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2024:0724 (string)

cpe : cpe:/o:redhat:rhev_hypervisor:4.4::el8 (string)

package : kernel-0:4.18.0-372.91.1.el8_6 (string)

product_name : Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 (string)

release_date : 2024-02-07T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: r592: race condition leading to use-after-free in r592_remove() (string)

id : 2215837 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2215837 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-362->CWE-416 (string)

details : [ »

0 : A race condition was found in the Linux kernel's r592 device driver, when removing the module before cleanup in the r592_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors. (string)

]

name : CVE-2023-35825 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2023-06-19T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2023-35825 https://nvd.nist.gov/vuln/detail/CVE-2023-35825 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object