CVE-2023-6915

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:2394
https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2023-6915	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254982	Issue Tracking
https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a	Patch
https://access.redhat.com/errata/RHSA-2024:2394
https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2023-6915	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254982	Issue Tracking
https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc8::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

21 Nov 2024, 08:44

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 6.2
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -
References	~~() https://access.redhat.com/errata/RHSA-2024:2394 -~~	() https://access.redhat.com/errata/RHSA-2024:2394 -
References	~~() https://access.redhat.com/errata/RHSA-2024:2950 -~~	() https://access.redhat.com/errata/RHSA-2024:2950 -
References	~~() https://access.redhat.com/errata/RHSA-2024:3138 -~~	() https://access.redhat.com/errata/RHSA-2024:3138 -
References	~~() https://access.redhat.com/security/cve/CVE-2023-6915 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-6915 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2254982 - Issue Tracking~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2254982 - Issue Tracking
References	~~() https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a - Patch~~	() https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a - Patch

14 Sep 2024, 00:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html', 'source': '[email protected]'}~~

25 Jun 2024, 21:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -

22 May 2024, 17:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2950 - () https://access.redhat.com/errata/RHSA-2024:3138 -

30 Apr 2024, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2394 -

Information

Published : 2024-01-15 10:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6915

Mitre link : CVE-2023-6915

CVE.ORG link : CVE-2023-6915

JSON object : View

Products Affected

linux

linux_kernel

redhat

enterprise_linux

CWE

CWE-476

NULL Pointer Dereference

6.2 /10