Debian Mdadm vulnerabilities

3 known vulnerabilities affecting debian/mdadm.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 2

Vulnerabilities

CVE-2023-28736 | MEDIUM | CVSS 5.7 | fixed in mdadm 4.2-1 (bookworm) | 2023
CVE-2023-28736 [MEDIUM] mdadm: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
Scope: local
bookworm: resolved (fixed in 4.2-1)
bullseye: open
forky: resolved (fixed in 4.2-1)
sid: resolved (fixed in 4.2-1)
trixie: resolved (fixed in 4.2-1)
debian
CVE-2023-28938 | LOW | CVSS 3.4 | fixed in mdadm 4.2~rc2-2 (bookworm) | 2023
CVE-2023-28938 [LOW] mdadm: Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access.
Scope: local
bookworm: resolved (fixed in 4.2~rc2-2)
bullseye: open
forky: resolved (fixed in 4.2~rc2-2)
sid: resolved (fixed in 4.2~rc2-2)
trixie: resolved (fixed in 4.2~rc2-2)
debian
CVE-2014-5220 | LOW | CVSS 7.8 | fixed in mdadm 3.3.4-1 (bookworm) | 2014
CVE-2014-5220 [HIGH] mdadm: The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
Scope: local
bookworm: resolved (fixed in 3.3.4-1)
bullseye: resolved (fixed in 3.3.4-1)
forky: resolved (fixed in 3.3.4-1)
sid: resolved (fixed in 3.3.4-1)
trixie: resolved (
debian