Integer Overflow or Wraparound Affecting kernel-uek-core package, versions <0:5.15.0-8.91.4.1.el8uek
Threat Intelligence
EPSS: 0.05% (15th percentile)
- Snyk ID SNYK-ORACLE8-KERNELUEKCORE-3364113
- published 18 Mar 2023
- disclosed 13 Jan 2023
Introduced: 13 Jan 2023
CVE-2023-23559
How to fix?
Upgrade Oracle:8 kernel-uek-core to version 0:5.15.0-8.91.4.1.el8uek or higher.
This issue was patched in ELSA-2023-12196.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-core package and not the kernel-uek-core package as distributed by Oracle.
See "How to fix?" for the fixed versions and status relevant to Oracle:8.
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
References
- https://linux.oracle.com/cve/CVE-2023-23559.html
- https://linux.oracle.com/errata/ELSA-2023-12196.html
- https://linux.oracle.com/errata/ELSA-2023-12255.html
- https://linux.oracle.com/errata/ELSA-2023-12256.html
- https://linux.oracle.com/errata/ELSA-2023-12323.html
- https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
- https://security.netapp.com/advisory/ntap-20230302-0003/
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c
CVSS Scores
version 3.1