{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: out-of-bounds read in pci_dev_for_each_resource()", "id": "2266210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266210"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-125", "details": ["An out-of-bounds read flaw was found in pci_dev_for_each_resource() in the Linux kernel. The pointer in pci_dev_for_each_resource() may be wrong; for example, it might be used for an out-of-bounds read. This issue was identified by the Coverity static analysis tool, which flagged a pointer (res) that could be used incorrectly, potentially leading to memory access outside its bounds."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available for this vulnerability. \nMake sure to perform the updates as they become available."}, "name": "CVE-2023-52466", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52466\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52466\nhttps://git.kernel.org/stable/c/3171e46d677a668eed3086da78671f1e4f5b8405\nhttps://git.kernel.org/stable/c/5b3e25efe16e06779a9a7c7610217c1b921ec179\nhttps://git.kernel.org/stable/c/bd26159dcaaa3e9a927070efd348e7ce7e5ee933"], "statement": "The vulnerability in the pci_dev_for_each_resource() function of the Linux kernel was assessed as moderate severity due to its potential to lead to an out-of-bounds read. While no active exploitation was observed, the presence of a pointer (res) that could potentially be misused highlighted a risk of unauthorized memory access. This type of vulnerability could potentially be leveraged by an attacker to gather sensitive information or disrupt system operations, depending on the specific context and environment in which the vulnerable code is executed.", "threat_severity": "Moderate"}