CVE-2023-45862
kernel: drivers/usb/storage/ene_ub6250.c
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
Se descubrió un problema en drivers/usb/storage/ene_ub6250.c para el controlador del lector ENE UB6250 en el kernel de Linux anterior a 6.2.5. Un objeto podría potencialmente extenderse más allá del final de una asignación.
An out-of-bounds memory access flaw was found in the Linux kernel ENE SD/MS Card reader driver. This issue occurs when using a malicious USB device, which could allow a local user to crash the system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-14 CVE Reserved
- 2023-10-14 CVE Published
- 2024-01-09 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5 | Release Notes | |
| https://security.netapp.com/advisory/ntap-20231116-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce33e64c1788912976b61314b56935abd4bc97ef | 2024-01-08 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-45862 | 2024-03-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2244715 | 2024-03-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H410c Firmware Search vendor "Netapp" for product "H410c Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410c Search vendor "Netapp" for product "H410c" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.2.5 Search vendor "Linux" for product "Linux Kernel" and version " < 6.2.5" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||