CVE-2023-2007 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2023-2007?

CVE-2023-2007 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-2007?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware.

Vulnerability Description

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 6.0
Debian	Debian Linux	10.0
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Netapp	H410C Firmware	-
Netapp	H410C	-
Netapp	Solidfire \& Hci Management Node	-

Related Weaknesses (CWE)

CWE-667 CWE-367

References

https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2aPatch
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20240119-0011/Third Party Advisory
https://www.debian.org/security/2023/dsa-5480Third Party Advisory
https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2aPatch
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20240119-0011/Third Party Advisory
https://www.debian.org/security/2023/dsa-5480Third Party Advisory

FAQ

What is CVE-2023-2007?

CVE-2023-2007 is a vulnerability with a CVSS score of 7.8 (HIGH). The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction w...

How severe is CVE-2023-2007?

CVE-2023-2007 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-2007?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware.