CVE-2023-33631
published 2023-05-31CVE-2023-33631: H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm.
PriorityP339high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.93%
56.2th percentile
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| h3c | magic_r300-2100m_firmware | — | — |
| linux | linux_kernel | >= 0 < 4.4.0-256.290 | 4.4.0-256.290 |
| linux | linux_kernel | >= 0 < 4.15.0-226.238 | 4.15.0-226.238 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-azure vulnerabilities
osv·2024-07-10·CVSS 7.8
CVE-2021-33631 linux-azure vulnerabilities
linux-azure vulnerabilities
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for I
OSV
linux-azure, linux-azure-4.15 vulnerabilities
osv·2024-07-04·CVSS 7.8
CVE-2021-33631 linux-azure, linux-azure-4.15 vulnerabilities
linux-azure, linux-azure-4.15 vulnerabilities
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2024-07-03·CVSS 7.8
CVE-2021-33631 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-
OSV
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2024-07-03·CVSS 7.8
CVE-2021-33631 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the ini
GHSA
GHSA-c6gq-cgr2-gx3c: H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm
ghsa_unreviewed·2023-05-31
CVE-2023-33631 [HIGH] CWE-787 GHSA-c6gq-cgr2-gx3c: H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-05-31
Published