CVE-2023-40791

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

History

04 Jan 2024, 19:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 6.3

28 Dec 2023, 16:13

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
First Time Netapp
Netapp h700s Firmware
Netapp h500s Firmware
Netapp h700s
Netapp h410s
Netapp h300s
Netapp h500s
Netapp h300s Firmware
Netapp h410s Firmware
References () https://security.netapp.com/advisory/ntap-20231110-0009/ - () https://security.netapp.com/advisory/ntap-20231110-0009/ - Third Party Advisory
References () https://lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk/ - () https://lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk/ - Mailing List, Patch

10 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231110-0009/ -

07 Nov 2023, 04:20

Type Values Removed Values Added
References
  • {'url': 'https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/', 'name': 'https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MISC'}
  • () https://lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk/ -

19 Oct 2023, 14:20

Type Values Removed Values Added
References (MISC) https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/ - (MISC) https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/ - Mailing List, Vendor Advisory
References (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 - (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 - Release Notes
References (MISC) https://lkml.org/lkml/2023/8/3/323 - (MISC) https://lkml.org/lkml/2023/8/3/323 - Exploit, Mailing List, Third Party Advisory
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f - Mailing List, Patch
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
First Time Linux
Linux linux Kernel

16 Oct 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-16 03:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40791

Mitre link : CVE-2023-40791

CVE.ORG link : CVE-2023-40791


JSON object : View

Products Affected

linux

  • linux_kernel

netapp

  • h300s_firmware
  • h500s_firmware
  • h410s_firmware
  • h500s
  • h700s_firmware
  • h410s
  • h300s
  • h700s