CVE-2023-45863Out-of-bounds Write in Kernel

CWE-787Out-of-bounds Write23 documents9 sources
Severity
6.4MEDIUMNVD
OSV6.8OSV5.5OSV4.9
EPSS
0.0%
top 98.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.135.1-2 ON CBL Mariner 2.0
Timeline
PublishedOct 14
Latest updateAug 14

Description

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel< 6.2.3
Debianlinux/linux_kernel< 5.10.205-2+3
Ubuntulinux/linux_kernel< 5.4.0-171.189+2
debiandebian/linux< linux 6.1.20-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-02-20
OSV
linux-gcp, linux-gcp-5.4 vulnerabilities2024-02-08
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx2024-02-07
OSV
linux-azure, linux-azure-4.15 vulnerabilities2024-01-29
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-01-25

📋Vendor Advisories

12
CISA ICS
Siemens SINEC OS2025-08-14
CISA ICS
Siemens SCALANCE W7002025-02-13
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2024-02-20
Ubuntu
Linux kernel (GCP) vulnerabilities2024-02-08
Ubuntu
Linux kernel vulnerabilities2024-02-07

💬Community

1
Bugzilla
CVE-2023-45863 kernel: lib/kobject.c vulnerable to fill_kobj_path out-of-bounds write2023-10-17
CVE-2023-45863 — Out-of-bounds Write in Linux Kernel | cvebase