CVE-2023-38409

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38409
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12 Mailing List Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d Mailing List Patch
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12 Mailing List Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d Mailing List Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:13

Type Values Removed Values Added
References () https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12 - Mailing List, Release Notes () https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12 - Mailing List, Release Notes
References () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d - Mailing List, Patch () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d - Mailing List, Patch

30 Oct 2024, 15:35

Type Values Removed Values Added
CWE CWE-362

27 Jul 2023, 03:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux
Linux linux Kernel
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d - Mailing List, Patch
References (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12 - (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12 - Mailing List, Release Notes

17 Jul 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-17 22:15

Updated : 2024-11-21 08:13

NVD link : CVE-2023-38409

Mitre link : CVE-2023-38409

CVE.ORG link : CVE-2023-38409

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
NVD-CWE-noinfo CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024