CVE-2023-26607

CWE-125 — Out-of-bounds Read14 documents7 sources

Severity

7.1HIGH

EPSS

0.1%

top 80.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Netapp HCI Baseboard Management Controller

Timeline

PublishedFeb 26

Latest updateApr 19

Description

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDlinux/linux_kernel2.6.12 — 4.9.334+6

▶Debianlinux< 4.19.37-1+3

▶NVDnetapp/hci_baseboard_management_controller5 versions+4

🔴Vulnerability Details

GHSA

GHSA-5gr9-2c49-vhjx: In the Linux kernel 6↗2023-02-27

▶

CVEList

CVE-2023-26607: In the Linux kernel 6↗2023-02-26

▶

OSV

CVE-2023-26607: In the Linux kernel 6↗2023-02-26

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-04-19

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-04-19

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2023-04-11

▶