CVE-2023-1077
First published: Mon Mar 27 2023(Updated: )
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.25<4.19.293 | |
| Linux Kernel | >=4.20<5.4.235 | |
| Linux Kernel | >=5.5<5.10.173 | |
| Linux Kernel | >=5.11<5.15.99 | |
| Linux Kernel | >=5.16<6.1.16 | |
| Linux Kernel | >=6.2<6.2.3 | |
| Debian GNU/Linux | =10.0 | |
| All of | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| All of | ||
| NetApp AFF 8300 Firmware | ||
| NetApp FAS8300 | ||
| All of | ||
| NetApp AFF 8700 Firmware | ||
| NetApp FAS8700 | ||
| All of | ||
| NetApp AFF A400 Firmware | ||
| NetApp FAS A400 | ||
| All of | ||
| NetApp C400 | ||
| NetApp C400 Firmware | ||
| All of | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| All of | ||
| NetApp H500S Firmware | ||
| netapp h500s | ||
| All of | ||
| netapp h700s firmware | ||
| netapp h700s | ||
| All of | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| All of | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| Linux Kernel | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| NetApp AFF 8300 Firmware | ||
| NetApp FAS8300 | ||
| NetApp AFF 8700 Firmware | ||
| NetApp FAS8700 | ||
| NetApp AFF A400 Firmware | ||
| NetApp FAS A400 | ||
| NetApp C400 | ||
| NetApp C400 Firmware | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| NetApp H500S Firmware | ||
| netapp h500s | ||
| netapp h700s firmware | ||
| netapp h700s | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://security.netapp.com/advisory/ntap-20230511-0002/
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
- https://launchpad.net/bugs/cve/CVE-2023-1077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1077
- https://nvd.nist.gov/vuln/detail/CVE-2023-1077
- https://security-tracker.debian.org/tracker/CVE-2023-1077
- https://ubuntu.com/security/CVE-2023-1077
- https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
- https://www.openwall.com/lists/oss-security/2023/03/01/7
Frequently Asked Questions
What is the severity of CVE-2023-1077?
CVE-2023-1077 is classified as a high-severity vulnerability due to the potential for type confusion in the Linux kernel.
How do I fix CVE-2023-1077?
To mitigate CVE-2023-1077, update the Linux kernel to any of the following fixed versions: 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.11-1, or 6.12.12-1.
Which versions of the Linux kernel are affected by CVE-2023-1077?
CVE-2023-1077 affects Linux kernel versions between 2.6.25 and 4.19.293, and also 4.20 to 5.4.235, 5.5 to 5.10.173, 5.11 to 5.15.99, 5.16 to 6.1.16, and 6.2 to 6.2.3.
What component of the Linux kernel is affected by CVE-2023-1077?
CVE-2023-1077 specifically affects the function pick_next_rt_entity() in the Linux kernel.
Is there a workaround for CVE-2023-1077 if I cannot update my kernel?
There are currently no effective workarounds for CVE-2023-1077; updating the kernel is the recommended solution.
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/trending
- agent/source
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.25
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/10.0
- vendor/netapp
- canonical/netapp aff a700s firmware
- canonical/netapp a700s
- canonical/netapp aff 8300 firmware
- canonical/netapp fas8300
- canonical/netapp aff 8700 firmware
- canonical/netapp fas8700
- canonical/netapp aff a400 firmware
- canonical/netapp fas a400
- canonical/netapp c400
- canonical/netapp c400 firmware
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- package-manager/debian