CVE-2023-28938 — Uncontrolled Resource Consumption in Project Mdadm

CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

4.4MEDIUMNVD

CNA3.4

EPSS

0.0%

top 95.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mdadm Project Mdadm

Timeline

PublishedAug 11

Description

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmdadm_project/mdadm< 4.2+1

▶Debianmdadm_project/mdadm< 4.2~rc2-2+2

🔴Vulnerability Details

GHSA

GHSA-pxxq-frx3-rf22: Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4↗2023-08-11

▶

OSV

CVE-2023-28938: Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4↗2023-08-11

▶

CVEList

CVE-2023-28938: Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4↗2023-08-11

▶

📋Vendor Advisories

Red Hat

mdadm: Uncontrolled resource consumption↗2023-08-11

▶

Microsoft

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.↗2023-08-08

▶

Debian

CVE-2023-28938: mdadm - Uncontrolled resource consumption in some Intel(R) SSD Tools software before ver...↗2023

▶