From 02d5aa8cc5d96eb7ec37affd31016e6c04791335 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=A4=A9=E9=80=B8?= Date: Fri, 21 Apr 2023 17:22:52 +0000 Subject: [PATCH 1/2] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-28772?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张天逸 --- cve/linux-kernel/2023/CVE-2023-28772/README.md | 17 +++++++++++++++++ cve/linux-kernel/2023/yaml/CVE-2023-28772.yaml | 16 ++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 cve/linux-kernel/2023/CVE-2023-28772/README.md create mode 100644 cve/linux-kernel/2023/yaml/CVE-2023-28772.yaml diff --git a/cve/linux-kernel/2023/CVE-2023-28772/README.md b/cve/linux-kernel/2023/CVE-2023-28772/README.md new file mode 100644 index 00000000..a287b661 --- /dev/null +++ b/cve/linux-kernel/2023/CVE-2023-28772/README.md @@ -0,0 +1,17 @@ +### [CVE-2023-28772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28772) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/cve/linux-kernel/2023/yaml/CVE-2023-28772.yaml b/cve/linux-kernel/2023/yaml/CVE-2023-28772.yaml new file mode 100644 index 00000000..61dd1c35 --- /dev/null +++ b/cve/linux-kernel/2023/yaml/CVE-2023-28772.yaml @@ -0,0 +1,16 @@ +id: CVE-2023-28772 +source: 暂无。 +info: + name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 + severity: high + description: | + 在 Linux 内核版本5.13.3以前发现一个漏洞。lib/seq_buf.c存在一个seq_buf_putmem_hex缓冲区溢出漏洞。 + scope-of-influence: + Linux kernel before 5.13.3 + reference: + - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.8 + cve-id: CVE-2023-28772 + cnvd-id: NONE + tags: 缓冲区溢出,cve2023 \ No newline at end of file -- Gitee From b44f701914b2dd18a280d0a506d13148d32d4dbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=A4=A9=E9=80=B8?= Date: Fri, 21 Apr 2023 17:25:07 +0000 Subject: [PATCH 2/2] update openkylin_list.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张天逸 --- openkylin_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 9b6a0f88..3dec5b67 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -76,6 +76,7 @@ cve: - CVE-2019-13272 - CVE-2020-12351 - CVE-2021-43267 + - CVE-2023-28772 sudo: - CVE-2019-18634 - CVE-2021-3156 -- Gitee