CVE-2023-2019 — Improper Update of Reference Count in Kernel

CWE-911 — Improper Update of Reference Count CWE-269 — Improper Privilege Management CWE-131 — Incorrect Calculation of Buffer Size CWE-1284 — Improper Validation of Specified Quantity in Input CWE-400 — Uncontrolled Resource Consumption CWE-1333 — Regex Denial of Service38 documents15 sources

Severity

4.4MEDIUMNVD

GHSA7.5OSV9.8CISA7.8

EPSS

0.0%

top 95.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Djangoproject Django Redhat Enterprise Linux

Timeline

PublishedApr 24

Latest updateMar 14

Description

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel< 6.0

▶Debianlinux/linux_kernel< 5.19.6-1+2

▶PyPIdjangoproject/django3.2a1 — 3.2.22+2

Also affects: Enterprise Linux 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

texlive-bin vulnerabilities↗2024-03-14

▶

GHSA

Django Denial-of-service in django.utils.text.Truncator↗2023-11-03

▶

CVEList

CVE-2023-2019: A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events↗2023-04-24

▶

OSV

CVE-2023-2019: A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events↗2023-04-24

▶

GHSA

GHSA-9vmw-8f7f-qhch: A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events↗2023-04-24

▶

📋Vendor Advisories

Red Hat

python-django: Denial-of-service possibility in django.utils.text.Truncator↗2023-10-04

▶

Oracle

Oracle Oracle Health Sciences Applications Risk Matrix: Core (Telerik UI for ASP.NET AJAX) — CVE-2019-18935↗2023-04-15

▶

Red Hat

kernel: netdevsim: fib: reference count leak on route deletion failure↗2023-04-13

▶

Microsoft

A flaw was found in the Linux kernel's netdevsim device driver within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to crea↗2023-04-11

▶

CISA

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability↗2023-04-07

▶

🕵️Threat Intelligence

Crowdstrike

CrowdStrike Named a Leader with “Exceptional” MDR Service: 2023 Forrester Wave for MDR↗

▶

Crowdstrike

November Patch Tuesday 2023: Updates and Analysis↗

▶

Crowdstrike

January 2023 Patch Tuesday: Updates and Analysis↗

▶

💬Community

Bugzilla

CVE-2023-2019 kernel: netdevsim: fib: reference count leak on route deletion failure↗2023-04-24

▶