|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-28736: mdadm: Buffer overflow may allow a privileged user to potentially enable escalation of privilege via local access. | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Stoyan Manolov <stoyan.manolov> |
| Component: | Incidents | Assignee: | kernel-storage-team <kernel-storage-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | colyli, mariusz.tkaczyk, martin.wilck, security-team |
| Version: | unspecified | Flags: | martin.wilck:
needinfo?
(colyli) |
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/375086/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2023-28736:5.7:(AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Stoyan Manolov
2023-08-14 09:38:08 UTC
The upstream commit is probably
ced5fa8 ("mdadm: block creation with long names")
@Coly, Intel has not identified an individual commit, unfortunately. Please double-check my assessment in comment 2. I have created a submission with that patch for SLE15-SP3 already. See also bug 1214245 Here is the fix: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=ced5fa8b170ad448f4076e24a10c731b5cfb36ce Even if it seems serious, please be aware that is has been there for 10 years.. Mariusz Ok, I guessed correctly :-) thanks. SUSE-SU-2023:3691-1: An update that solves two vulnerabilities and has one security fix can now be installed. Category: security (moderate) Bug References: 1214244, 1214245, 1214974 CVE References: CVE-2023-28736, CVE-2023-28938 Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): mdadm-4.1-4.29.1 SUSE Linux Enterprise Server 12 SP5 (src): mdadm-4.1-4.29.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): mdadm-4.1-4.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2023:3953-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1214244, 1214245 CVE References: CVE-2023-28736, CVE-2023-28938 Sources used: SUSE Linux Enterprise Micro for Rancher 5.3 (src): mdadm-4.1-150300.24.33.1 SUSE Linux Enterprise Micro 5.3 (src): mdadm-4.1-150300.24.33.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): mdadm-4.1-150300.24.33.1 SUSE Linux Enterprise Micro 5.4 (src): mdadm-4.1-150300.24.33.1 Basesystem Module 15-SP4 (src): mdadm-4.1-150300.24.33.1 SUSE Manager Proxy 4.2 (src): mdadm-4.1-150300.24.33.1 SUSE Manager Retail Branch Server 4.2 (src): mdadm-4.1-150300.24.33.1 SUSE Manager Server 4.2 (src): mdadm-4.1-150300.24.33.1 SUSE Linux Enterprise Micro 5.1 (src): mdadm-4.1-150300.24.33.1 SUSE Linux Enterprise Micro 5.2 (src): mdadm-4.1-150300.24.33.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): mdadm-4.1-150300.24.33.1 openSUSE Leap 15.4 (src): mdadm-4.1-150300.24.33.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. |