CVE-2023-2007

HIGH

Linux Kernel < 6.0 - Improper Locking

Title source: rule

Description

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

References (5)

Core 5

Core References

Patch

https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0

View Patch ZIP pw:eip

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240119-0011/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5480

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-367 CWE-667

Status published

Products (9)

debian/debian_linux 10.0

debian/debian_linux 11.0

linux/linux_kernel < 6.0

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

netapp/solidfire_\&_hci_management_node

Published Apr 24, 2023

Tracked Since Feb 18, 2026