{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-6915", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-12-18T10:23:45.596Z", "datePublished": "2024-01-15T09:32:32.741Z", "dateUpdated": "2024-09-13T23:31:24.183Z"}, "containers": {"cna": {"title": "Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-553.rt7.342.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:4.18.0-553.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-427.13.1.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-427.13.1.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2394", "name": "RHSA-2024:2394", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2950", "name": "RHSA-2024:2950", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3138", "name": "RHSA-2024:3138", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6915", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982", "name": "RHBZ#2254982", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a"}], "datePublic": "2024-01-15T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank ZhengHan Wang (Hillstone Network) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-13T23:31:24.183Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.421Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2394", "name": "RHSA-2024:2394", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2950", "name": "RHSA-2024:2950", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3138", "name": "RHSA-2024:3138", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6915", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982", "name": "RHBZ#2254982", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "668F5607-E136-4E8E-86F2-316E9DC41ADC", "versionEndExcluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc7:*:*:*:*:*:*", "matchCriteriaId": "81A7ABCB-0807-4AA2-8F4E-75E38D2E3FD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc8:*:*:*:*:*:*", "matchCriteriaId": "B01471D6-2DB4-4AF2-8BE0-B5082B4B9253", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de desreferencia de puntero null en ida_free en lib/idr.c en el kernel de Linux. Este problema puede permitir que un atacante que utilice esta librer\u00eda cause un problema de denegaci\u00f3n de servicio debido a una verificaci\u00f3n faltante en el retorno de una funci\u00f3n."}], "id": "CVE-2023-6915", "lastModified": "2024-09-14T00:15:14.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-01-15T10:15:26.627", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2394"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2950"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3138"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-6915"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank ZhengHan Wang (Hillstone Network) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:2950", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.rt7.342.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:3138", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "kernel: Null Pointer Dereference vulnerability in ida_free in lib/idr.c", "id": "2254982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.", "A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-6915", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-01-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6915\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6915\nhttps://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a"], "threat_severity": "Moderate"}