Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4273


A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.


Published

2023-08-09T15:15:09.823

Last Modified

2024-11-21T08:34:46.063

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    CWE-787

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System linux linux_kernel < 6.4 Yes
Operating System linux linux_kernel 6.5 Yes
Operating System linux linux_kernel 6.5 Yes
Operating System linux linux_kernel 6.5 Yes
Operating System linux linux_kernel 6.5 Yes
Operating System fedoraproject fedora 37 Yes
Operating System fedoraproject fedora 38 Yes
Operating System redhat enterprise_linux 9.0 Yes
Operating System debian debian_linux 11.0 Yes
Operating System debian debian_linux 12.0 Yes
Operating System netapp h300s_firmware - Yes
Hardware netapp h300s - No
Operating System netapp h500s_firmware - Yes
Hardware netapp h500s - No
Operating System netapp h700s_firmware - Yes
Hardware netapp h700s - No
Operating System netapp h410s_firmware - Yes
Hardware netapp h410s - No

References