CVE-2023-33250
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
21/05/2023
Last modified:
18/03/2025
Description
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.suse.com/show_bug.cgi?id=1211597
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650
- https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ
- https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
- https://security.netapp.com/advisory/ntap-20230622-0006/
- https://bugzilla.suse.com/show_bug.cgi?id=1211597
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650
- https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ
- https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
- https://security.netapp.com/advisory/ntap-20230622-0006/