CVE-2023-4732

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:6901	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7077	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7539	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0412
https://access.redhat.com/security/cve/CVE-2023-4732	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2236982	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:codeready_linux_builder:8.0:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:::::::*

History

25 Jan 2024, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0412 -

21 Jan 2024, 02:17

Type	Values Removed	Values Added
First Time		Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Real Time For Nfv Redhat codeready Linux Builder Redhat codeready Linux Builder For Arm64 Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Real Time
References	~~() https://access.redhat.com/errata/RHSA-2023:6901 -~~	() https://access.redhat.com/errata/RHSA-2023:6901 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7077 -~~	() https://access.redhat.com/errata/RHSA-2023:7077 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7539 -~~	() https://access.redhat.com/errata/RHSA-2023:7539 - Third Party Advisory
CPE		cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder:8.0:::::::*

Information

Published : 2023-10-03 17:15

Updated : 2024-01-25 20:15

NVD link : CVE-2023-4732

Mitre link : CVE-2023-4732

CVE.ORG link : CVE-2023-4732

JSON object : View

Products Affected

redhat

codeready_linux_builder_for_power_little_endian
enterprise_linux
enterprise_linux_for_power_little_endian
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_real_time
codeready_linux_builder
codeready_linux_builder_for_arm64
enterprise_linux_for_arm_64
enterprise_linux_for_real_time_for_nfv

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-366

Race Condition within a Thread

4.7 /10