{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-3312", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T06:55:03.405Z", "dateReserved": "2023-06-19T00:00:00", "datePublished": "2023-06-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-07-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service."}], "affected": [{"vendor": "n/a", "product": "Kernel", "versions": [{"version": "Kernel version prior to 6.4-rc1", "status": "affected"}]}], "references": [{"url": "https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski%40linaro.org/"}, {"url": "https://security.netapp.com/advisory/ntap-20230731-0005/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-415", "cweId": "CWE-415"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.405Z"}, "title": "CVE Program Container", "references": [{"url": "https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski%40linaro.org/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230731-0005/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F", "versionEndExcluding": "6.2.15", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC", "versionEndExcluding": "6.3.2", "versionStartIncluding": "6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service."}], "id": "CVE-2023-3312", "lastModified": "2024-11-21T08:16:59.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-06-19T18:15:09.920", "references": [{"source": "[email protected]", "url": "https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski%40linaro.org/"}, {"source": "[email protected]", "url": "https://security.netapp.com/advisory/ntap-20230731-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski%40linaro.org/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0005/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-415"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: double free in IO unmap and resource release on exit in drivers/cpufreq/qcom-cpufreq-hw.c", "id": "2215847", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215847"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-415", "details": ["A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.", "A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in the cpufreq subsystem of the Linux Kernel. During device unbind, this issue will cause a double release problem, leading to a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2023-3312", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-03-23T06:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3312\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3312\nhttps://patchwork.kernel.org/project/linux-pm/patch/[email protected]/"], "threat_severity": "Low", "upstream_fix": "Kernel 6.4-rc1"}