CVE-2023-22995: Kernel vulnerability

26 documents, 7 sources
Severity
NVD: 7.8 HIGH
OSV: 5.5
EPSS
0.0% (top 97.22%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 28
Latest update: Mar 27

Description

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (7 packages)

NVD: linux/linux_kernel < 5.17
Debian: linux/linux_kernel < 5.17.3-1+2
Ubuntu: linux/linux_kernel < 5.4.0-173.191+1
debian: debian/linux < linux 5.17.3-1 (bookworm)

Patches

🔴 Vulnerability Details (13)

OSV: linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities (2024-03-27)
OSV: linux-azure, linux-azure-5.4 vulnerabilities (2024-03-25)
OSV: linux-aws, linux-aws-5.15 vulnerabilities (2024-03-20)
OSV: linux-kvm vulnerabilities (2024-03-20)
OSV: linux-oracle, linux-oracle-5.15 vulnerabilities (2024-03-19)

📋 Vendor Advisories (12)

Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2024-03-27)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-03-25)
Ubuntu: Linux kernel (AWS) vulnerabilities (2024-03-20)
Ubuntu: Linux kernel (KVM) vulnerabilities (2024-03-20)
Ubuntu: Linux kernel (Oracle) vulnerabilities (2024-03-19)