CVE-2023-28736 — Classic Buffer Overflow in Project Mdadm

CWE-120 — Classic Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

6.7MEDIUMNVD

CNA5.7

EPSS

0.0%

top 90.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mdadm Project Mdadm

Timeline

PublishedAug 11

Description

Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmdadm_project/mdadm< 4.2+1

▶Debianmdadm_project/mdadm< 4.2-1+2

🔴Vulnerability Details

GHSA

GHSA-4953-8925-rqj6: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4↗2023-08-11

▶

OSV

CVE-2023-28736: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4↗2023-08-11

▶

CVEList

CVE-2023-28736: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4↗2023-08-11

▶

📋Vendor Advisories

Red Hat

mdadm: Buffer overflow↗2023-08-11

▶

Microsoft

Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.↗2023-08-08

▶

Debian

CVE-2023-28736: mdadm - Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2...↗2023

▶