CVE-2023-52466 - Vulnerability Details - OpenCVE

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/3171e46d677a668eed3086da78671f1e4f5b8405
https://git.kernel.org/stable/c/5b3e25efe16e06779a9a7c7610217c1b921ec179
https://git.kernel.org/stable/c/bd26159dcaaa3e9a927070efd348e7ce7e5ee933
https://nvd.nist.gov/vuln/detail/CVE-2023-52466
https://www.cve.org/CVERecord?id=CVE-2023-52466

History

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-02-25T08:16:30.723Z

Updated: 2024-03-03T07:31:36.406Z

Reserved: 2024-02-20T12:30:33.296Z

Link: CVE-2023-52466

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2024-02-26T16:27:48.600

Modified: 2024-03-03T08:15:07.860

Link: CVE-2023-52466

Redhat

Severity : Moderate

Publid Date: 2024-02-26T00:00:00Z

Links: CVE-2023-52466 - Bugzilla

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: out-of-bounds read in pci_dev_for_each_resource()", "id": "2266210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266210"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-125", "details": ["An out-of-bounds read flaw was found in pci_dev_for_each_resource() in the Linux Kernel. The pointer in the pci_dev_for_each_resource() may be wrong. For example, it might be used for the out-of-bounds read. This issue was identified by the Coverity static analysis tool, which flagged a pointer (res) that could be used incorrectly, potentially leading to accessing memory outside its bounds."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available for this vulnerability. Make sure to perform the updates as they become available."}, "name": "CVE-2023-52466", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52466\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52466\nhttps://git.kernel.org/stable/c/3171e46d677a668eed3086da78671f1e4f5b8405\nhttps://git.kernel.org/stable/c/5b3e25efe16e06779a9a7c7610217c1b921ec179\nhttps://git.kernel.org/stable/c/bd26159dcaaa3e9a927070efd348e7ce7e5ee933"], "statement": "The vulnerability in the pci_dev_for_each_resource() function of the Linux kernel was assessed as moderate severity due to its potential to lead to an out-of-bounds read. While no active exploitation was observed, the presence of a pointer (res) that could potentially be misused highlighted a risk of unauthorized memory access. This type of vulnerability could potentially be leveraged by an attacker to gather sensitive information or disrupt system operations, depending on the specific context and environment in which the vulnerable code is executed.", "threat_severity": "Moderate"}