{ "threat_severity" : "Moderate", "public_date" : "2023-01-12T06:30:00Z", "bugzilla" : { "description" : "Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c", "id" : "2182031", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2182031" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem." ], "acknowledgement" : "Red Hat would like to thank 1. Xingyuan Mo (IceSword Lab) and 2. Gengjia Chen (IceSword Lab) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-07-01T00:00:00Z", "advisory" : "RHSA-2025:10174", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.136.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-07-02T00:00:00Z", "advisory" : "RHSA-2025:10193", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.136.1.rt21.208.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-07-09T00:00:00Z", "advisory" : "RHSA-2025:10671", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "kernel-0:5.14.0-284.124.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-07-09T00:00:00Z", "advisory" : "RHSA-2025:10675", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.124.1.rt14.409.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-1652\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1652\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd" ], "name" : "CVE-2023-1652", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "lang" : "en:us" }, "csaw" : false }