CVE-2023-23003: Unchecked Return Value in Kernel

Severity
4.0 MEDIUM (NVD)
EPSS
0.1%
top 67.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 1
Latest update: Mar 14

Description

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Exploitability: 0.3 | Impact: 3.6

Affected Packages: 9 packages

Patches

🔴Vulnerability Details

2
OSV
CVE-2023-23003: In the Linux kernel before 5 (2023-03-01)
GHSA
GHSA-787r-j94j-7wpv: In the Linux kernel before 5 (2023-03-01)

📋Vendor Advisories

3
Microsoft
In the Linux kernel before 5.16 tools/perf/util/expr.c lacks a check for the hashmap__new return value. (2023-03-14)
Debian
CVE-2023-23003: linux - In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the ha... (2023)
Red Hat
kernel: missing check for return value of hashmap__new() in the function expr__ctx_new (2021-12-18)