CVE-2023-2008: Improper Validation of Array Index in Kernel

Severity
7.8 HIGH (NVD)
EPSS
1.5%
top 18.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 14
Latest update: Sep 15

Description

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (9 packages)

NVD: linux/linux_kernel 4.20 5.4.202 (+5)
Debian: linux/linux_kernel < 5.10.127-1 (+3)
debian: debian/linux < linux 5.18.14-1 (bookworm)

Patches

🔴Vulnerability Details

3
GHSA
Graylog vulnerable to insecure source port usage for DNS queries (2023-07-06)
OSV
CVE-2023-2008: A flaw was found in the Linux kernel's udmabuf device driver (2023-04-14)
GHSA
GHSA-qvq2-2xfw-f6x6: A flaw was found in the Linux kernel's udmabuf device driver (2023-04-14)

💥Exploits & PoCs

2
Exploit-DB
Megabbs Forum 2.2 - SQL Injection / Cross-Site Scripting (2008-04-27)
Nuclei
Modoboa < 2.1.0 - Improper Authorization

📋Vendor Advisories

4
Red Hat
kernel: nubus: Partially revert proc_create_single_data() conversion (2025-09-15)
Red Hat
kernel: udmabuf: improper validation of array index leading to local privilege escalation (2023-04-13)
Microsoft
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data which can resu (2023-04-11)
Debian
CVE-2023-2008: linux - A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw ... (2023)

🕵️Threat Intelligence

3
Bleepingcomputer
CISA tags Windows, Cisco vulnerabilities as actively exploited (2025-03-03)
Krebs
Microsoft Patch Tuesday, December 2023 Edition (2023-12-13)
Krebs
Microsoft Patch Tuesday, December 2023 Edition (2023-12-12)
CVE-2023-2008 — Improper Validation of Array Index | cvebase