CHK NVD : CVE-2023-28464 - 0524885e

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2023-28464 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-28464
https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-28464.yml
https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-28464.json

- CVE-2023-28464
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.300
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.202
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.140
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.262
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.64
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5.13
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.3
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.300
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.202
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.140
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.262
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.64
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.13
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7
- Reference (Commit)
  - Bluetooth: Fix double free in hci_conn_cleanup
    - Fixed by
      - 4.19.300 (5c53afc766e07098429520b7677eaa164b593451)
      - 5.10.202 (53d61daf35b1bbf3ae06e852ee107aa2f05b3776)
      - 5.15.140 (ba7088769800d9892a7e4f35c3137a5b3e65410b)
      - 5.4.262 (3c4236f1b2a715e878a06599fa8b0cc21f165d28)
      - 6.1.64 (87624b1f9b781549e69f92db7ede012a21cec275)
      - 6.5.13 (fc666d1b47518a18519241cae213de1babd4a4ba)
      - 6.6.3 (56a4fdde95ed98d864611155f6728983e199e198)
      - 6.7 (a85fb91e3d728bdfc80833167e8162cce8bc7004) (upstream)
    - Will be introduced by
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2023-28464

URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:netapp:h700s_firmware:-
cpe:/o:netapp:h500s_firmware:-
cpe:/o:netapp:h410s_firmware:-
cpe:/o:netapp:h410c_firmware:-
cpe:/o:netapp:h300s_firmware:-
cpe:/o:linux:linux_kernel:6.3:rc6
cpe:/o:linux:linux_kernel:6.3:rc5
cpe:/o:linux:linux_kernel:6.3:rc4
cpe:/o:linux:linux_kernel:6.3:rc3
cpe:/o:linux:linux_kernel:6.3:rc2
cpe:/o:linux:linux_kernel:6.3:rc1
cpe:/o:linux:linux_kernel:6.3:-
cpe:/o:linux:linux_kernel:6.2.12
cpe:/o:linux:linux_kernel:6.1.25