CVE-2023-4732: Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h
First published: Sat Sep 02 2023(Updated: )
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=5.13.19 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Codeready Linux Builder | =8.0 | |
| Redhat Codeready Linux Builder For Arm64 | =8.0_aarch64 | |
| Redhat Codeready Linux Builder For Power Little Endian | =8.0_ppc64le | |
| Redhat Enterprise Linux For Arm 64 | =8.0_aarch64 | |
| Redhat Enterprise Linux For Ibm Z Systems | =8.0_s390x | |
| Redhat Enterprise Linux For Power Little Endian | =8.0_ppc64le | |
| Redhat Enterprise Linux For Real Time | =8.0 | |
| Redhat Enterprise Linux For Real Time For Nfv | =8.0 | |
| redhat/Kernel | <5.14 | 5.14 |
| IBM QRadar SIEM | <=7.5 - 7.5.0 UP8 IF01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-4732
- https://bugzilla.redhat.com/show_bug.cgi?id=2236982
- https://access.redhat.com/errata/RHSA-2023:6901
- https://access.redhat.com/errata/RHSA-2023:7077
- https://access.redhat.com/errata/RHSA-2023:7539
- https://access.redhat.com/errata/RHSA-2024:0412
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2236982#c1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/267576
- https://www.ibm.com/support/pages/node/7150684 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-4732?
The severity of CVE-2023-4732 is medium with a CVSS score of 4.7.
What is the affected software for CVE-2023-4732?
The affected software for CVE-2023-4732 includes the Linux Kernel version up to and including 5.13.19, and Redhat Enterprise Linux 8.0.
How can an attacker exploit CVE-2023-4732?
An attacker with local user privilege can exploit CVE-2023-4732 by causing a denial of service problem through a BUG statement referencing pmd_t x in the Linux Kernel's memory management subsystem.
How can I fix CVE-2023-4732?
To fix CVE-2023-4732, update your Linux Kernel to version 5.14 or apply the appropriate remedy provided by Redhat.
Where can I find more information about CVE-2023-4732?
You can find more information about CVE-2023-4732 in the references provided: [1](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2236982#c1), [2](https://bugzilla.redhat.com/show_bug.cgi?id=2236982), [3](https://access.redhat.com/security/cve/CVE-2023-4732)
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- agent/title
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/references
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-4732
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.13.19
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- canonical/redhat codeready linux builder
- version/redhat codeready linux builder/8.0
- canonical/redhat codeready linux builder for arm64
- version/redhat codeready linux builder for arm64/8.0_aarch64
- canonical/redhat codeready linux builder for power little endian
- version/redhat codeready linux builder for power little endian/8.0_ppc64le
- canonical/redhat enterprise linux for arm 64
- version/redhat enterprise linux for arm 64/8.0_aarch64
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/8.0_s390x
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/8.0_ppc64le
- canonical/redhat enterprise linux for real time
- version/redhat enterprise linux for real time/8.0
- canonical/redhat enterprise linux for real time for nfv
- version/redhat enterprise linux for real time for nfv/8.0
- package-manager/redhat
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5 - 7.5.0 up8 if01