CVE-2023-2007

Published: 4/24/2023 Last updated: 8/2/2024 Reserved: 4/12/2023

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
Linux kernel's DPT I2O Controller driver	n/a	< 17.0.0.1

References (10)

https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
https://www.debian.org/security/2023/dsa-5480
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://security.netapp.com/advisory/ntap-20240119-0011/
https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
https://www.debian.org/security/2023/dsa-5480
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://security.netapp.com/advisory/ntap-20240119-0011/