CVE-2023-2269

Description

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 8%

Techniques & Countermeasures

• CWE-667•Improper Locking

  The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

• CWE-413•Improper Resource Locking

  The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.

Affected Systems

• debian•debian_linux

  10.0 | 11.0 | 12.0

• fedoraproject•fedora

  36 | 37 | 38

• linux•linux_kernel

  6.2

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500s_firmware

  na

• netapp•h700s_firmware

  na

References (9)

• https://lore.kernel.org/lkml/ZD1xyZxb3rHot8PV%40redhat.com/t/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63AJUCJTZCII2JMAF7MGZEM66KY7IALT/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXHBLWYNSUBS77TYPOJTADPDXKBH2F4U/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBLBKW2WM5YSTS6OGEU5SYHXSJ5EWSTV/
• https://www.debian.org/security/2023/dsa-5448
• https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
• https://www.debian.org/security/2023/dsa-5480
• https://security.netapp.com/advisory/ntap-20230929-0004/
• https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html