Vulnerability Description
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.
CVSS Score
4.4
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 6.3 |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1211597
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe24
- https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJMailing ListThird Party Advisory
- https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.
- https://security.netapp.com/advisory/ntap-20230622-0006/Third Party Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1211597
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe24
- https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJMailing ListThird Party Advisory
- https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.
- https://security.netapp.com/advisory/ntap-20230622-0006/Third Party Advisory
FAQ
What is CVE-2023-33250?
CVE-2023-33250 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.
How severe is CVE-2023-33250?
CVE-2023-33250 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33250?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware, Netapp H500S.