CVE-2023-33250

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1211597
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650
https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ	Mailing List Third Party Advisory
https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
https://security.netapp.com/advisory/ntap-20230622-0006/	Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1211597
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650
https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ	Mailing List Third Party Advisory
https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
https://security.netapp.com/advisory/ntap-20230622-0006/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:6.3:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:05

Type	Values Removed	Values Added
References	~~() https://bugzilla.suse.com/show_bug.cgi?id=1211597 -~~	() https://bugzilla.suse.com/show_bug.cgi?id=1211597 -
References	~~() https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f -~~	() https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f -
References	~~() https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650 -~~	() https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650 -
References	~~() https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ - Mailing List, Third Party Advisory~~	() https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ - Mailing List, Third Party Advisory
References	~~() https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/ -~~	() https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/ -
References	~~() https://security.netapp.com/advisory/ntap-20230622-0006/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20230622-0006/ - Third Party Advisory

25 Mar 2024, 01:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f - () https://bugzilla.suse.com/show_bug.cgi?id=1211597 - () https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650 -

07 Nov 2023, 04:14

Type	Values Removed	Values Added
References	{'url': 'https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0@ip-172-31-85-199.ec2.internal/T/', 'name': 'https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0@ip-172-31-85-199.ec2.internal/T/', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}	() https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/ -

14 Aug 2023, 15:39

Type	Values Removed	Values Added
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20230622-0006/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20230622-0006/ - Third Party Advisory
First Time		Netapp h410s Netapp h700s Netapp h500s Netapp h410s Firmware Netapp Netapp h500s Firmware Netapp h700s Firmware Netapp h300s Firmware Netapp h300s
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 4.4
CPE		cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::*

22 Jun 2023, 15:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20230622-0006/ -

26 May 2023, 03:32

Type	Values Removed	Values Added
CWE		CWE-416
CPE		cpe:2.3:o:linux:linux_kernel:6.3:::::::*
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(MISC) https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ -~~	(MISC) https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ - Mailing List, Third Party Advisory
References	~~(MISC) https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0@ip-172-31-85-199.ec2.internal/T/ -~~	(MISC) https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0@ip-172-31-85-199.ec2.internal/T/ - Vendor Advisory

21 May 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-21 21:15

Updated : 2025-03-18 19:15

NVD link : CVE-2023-33250

Mitre link : CVE-2023-33250

CVE.ORG link : CVE-2023-33250

JSON object : View

Products Affected

netapp

h700s_firmware
h410s_firmware
h700s
h500s
h410s
h300s
h300s_firmware
h500s_firmware

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2023-33250", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2023-05-21T21:15:08.737", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1211597", "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f", "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650", "source": "cve@mitre.org"}, {"url": "https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20230622-0006/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1211597", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20230622-0006/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c."}], "lastModified": "2025-03-18T19:15:41.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72B2D3FD-E1FC-40FB-8773-705D1FF832FF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

4.4 /10