Vulnerability Description
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.19 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2186862Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4Patch
- https://security.netapp.com/advisory/ntap-20230517-0007/Third Party Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-441/Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=2186862Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4Patch
- https://security.netapp.com/advisory/ntap-20230517-0007/Third Party Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-441/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2023-2008?
CVE-2023-2008 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can res...
How severe is CVE-2023-2008?
CVE-2023-2008 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2008?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.