    22 vulnerabilities found for RHOL-5.8-RHEL-9 by Red Hat

    CVE-2024-12085 (GCVE-0-2024-12085)

    Vulnerability from nvd – Published: 2025-01-14 17:37 – Updated: 2026-06-29 20:32
    Title
    Rsync: info leak via uninitialized stack contents
    Summary
    A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
    SSVC
    Exploitation: poc; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHBA-2025:6470 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0324 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0325 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0637 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0688 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0714 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0774 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0787 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0790 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0849 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0884 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1120 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1123 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1128 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1225 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1227 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1242 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1451 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2701 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-12085 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2330539 issue-tracking, x_refsource_REDHAT
    https://kb.cert.org/vuls/id/952657
    https://github.com/google/security-research/secur… exploit
    https://security.netapp.com/advisory/ntap-2025013…
    https://lists.debian.org/debian-lts-announce/2025…
    https://www.kb.cert.org/vuls/id/952657
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.3.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:3.0.6-12.el6_10.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:3.1.2-12.el7_9.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.1.3-20.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:3.1.3-7.el8_2.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:3.1.3-12.el8_4.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:3.1.3-12.el8_4.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:3.1.3-12.el8_4.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:3.1.3-14.el8_6.6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:3.1.3-14.el8_6.6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:3.1.3-14.el8_6.6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.1.3-20.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.3-20.el9_5.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:3.2.3-9.el9_0.3 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.2.3-19.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:3.2.3-19.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202502100314-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202503112237-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202502111902-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202501281917-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202502051822-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-454 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-17 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-537 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-4 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-339 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-320 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-552 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v3.3.2-9 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-12 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-725 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-342 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-88 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-25 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-11 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.4.0-340 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-5 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v1.1.0-321 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v3.3.2-8 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-6 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-9 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-4 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.1.0-724 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.1.0-341 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.34.1-30 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Date Public
    2025-01-14 15:06
    Credits
    Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12085",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T04:55:14.796829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:27.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:52:11.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/952657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/RsyncProject/rsync",
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.1-2.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.6-12.el6_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.2-12.el7_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-20.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-7.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-12.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-12.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-12.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-14.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-14.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-14.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-20.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-20.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-20.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-9.el9_0.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-19.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-19.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202502100314-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202503112237-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202502111902-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202501281917-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-ansible-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-helm-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-sdk-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202502051822-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-454",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-537",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-339",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-320",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-552",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v3.3.2-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-725",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-342",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-88",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-25",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-340",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-321",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v3.3.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-724",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-341",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.34.1-30",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-must-gather-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-14T15:06:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:32:05.763Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:6470",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:6470"
            },
            {
              "name": "RHSA-2025:0324",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0324"
            },
            {
              "name": "RHSA-2025:0325",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0325"
            },
            {
              "name": "RHSA-2025:0637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0637"
            },
            {
              "name": "RHSA-2025:0688",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0688"
            },
            {
              "name": "RHSA-2025:0714",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0714"
            },
            {
              "name": "RHSA-2025:0774",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0774"
            },
            {
              "name": "RHSA-2025:0787",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0787"
            },
            {
              "name": "RHSA-2025:0790",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0790"
            },
            {
              "name": "RHSA-2025:0849",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0849"
            },
            {
              "name": "RHSA-2025:0884",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0884"
            },
            {
              "name": "RHSA-2025:0885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0885"
            },
            {
              "name": "RHSA-2025:1120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1120"
            },
            {
              "name": "RHSA-2025:1123",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1123"
            },
            {
              "name": "RHSA-2025:1128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1128"
            },
            {
              "name": "RHSA-2025:1225",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1225"
            },
            {
              "name": "RHSA-2025:1227",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1227"
            },
            {
              "name": "RHSA-2025:1242",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1242"
            },
            {
              "name": "RHSA-2025:1451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1451"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:2701",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2701"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12085"
            },
            {
              "name": "RHBZ#2330539",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"
            },
            {
              "url": "https://kb.cert.org/vuls/id/952657"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-12-05T12:06:36.594Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-14T15:06:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rsync: info leak via uninitialized stack contents",
          "workarounds": [
            {
              "lang": "en",
              "value": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable\u0027s memory with zeroes to prevent uninitialized memory disclosure."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-908: Use of Uninitialized Resource"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12085",
        "datePublished": "2025-01-14T17:37:16.036Z",
        "dateReserved": "2024-12-03T08:57:53.329Z",
        "dateUpdated": "2026-06-29T20:32:05.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6536 (GCVE-0-2023-6536)

    Vulnerability from nvd – Published: 2024-02-07 21:05 – Updated: 2025-11-06 21:45
    Title
    Kernel: null pointer dereference in __nvmet_req_complete
    Summary
    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.58.1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::crb
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-11 00:00
    Credits
    Red Hat would like to thank Alon Zahavi for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6536",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T14:26:21.002030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:45.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:01.771Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:3810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3810"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6536"
              },
              {
                "name": "RHBZ#2254052",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0001/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.58.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
            }
          ],
          "datePublic": "2023-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:45:28.671Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:3810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3810"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6536"
            },
            {
              "name": "RHBZ#2254052",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: null pointer dereference in __nvmet_req_complete",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6536",
        "datePublished": "2024-02-07T21:05:13.716Z",
        "dateReserved": "2023-12-05T21:00:40.604Z",
        "dateUpdated": "2025-11-06T21:45:28.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6535 (GCVE-0-2023-6535)

    Vulnerability from nvd – Published: 2024-02-07 21:04 – Updated: 2025-11-06 21:45
    Title
    Kernel: null pointer dereference in nvmet_tcp_execute_request
    Summary
    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.58.1.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-11 00:00
    Credits
    Red Hat would like to thank Alon Zahavi for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6535",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:12:36.607009Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T15:58:14.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:00.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:3810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3810"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6535"
              },
              {
                "name": "RHBZ#2254053",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0003/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.58.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
            }
          ],
          "datePublic": "2023-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:45:16.229Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:3810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3810"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6535"
            },
            {
              "name": "RHBZ#2254053",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: null pointer dereference in nvmet_tcp_execute_request",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6535",
        "datePublished": "2024-02-07T21:04:21.409Z",
        "dateReserved": "2023-12-05T20:50:27.727Z",
        "dateUpdated": "2025-11-06T21:45:16.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6356 (GCVE-0-2023-6356)

    Vulnerability from nvd – Published: 2024-02-07 21:04 – Updated: 2025-11-06 21:45
    VLAI
    Title
    Kernel: null pointer dereference in nvmet_tcp_build_iovec
    Summary
    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.58.1.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-11 00:00
    Credits
    Red Hat would like to thank Alon Zahavi for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-02T13:53:04.324723Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:04.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:21:56.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:3810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3810"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6356"
              },
              {
                "name": "RHBZ#2254054",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0002/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.58.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
            }
          ],
          "datePublic": "2023-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:45:11.718Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:3810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3810"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6356"
            },
            {
              "name": "RHBZ#2254054",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: null pointer dereference in nvmet_tcp_build_iovec",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6356",
        "datePublished": "2024-02-07T21:04:20.684Z",
        "dateReserved": "2023-11-28T05:16:10.932Z",
        "dateUpdated": "2025-11-06T21:45:11.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0646 (GCVE-0-2024-0646)

    Vulnerability from nvd – Published: 2024-01-17 15:16 – Updated: 2025-11-06 20:51
    Title
    Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
    Summary
    An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0723 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0724 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0725 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0850 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0851 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0876 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0881 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0897 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1248 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1250 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1251 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1253 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1268 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1269 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1278 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1306 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1367 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1368 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1377 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1382 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1404 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2094 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-0646 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2253908 issue-tracking, x_refsource_REDHAT
    https://git.kernel.org/pub/scm/linux/kernel/git/t…
    https://lists.debian.org/debian-lts-announce/2024… x_transferred
    Impacted products
    Vendor Product Version
    Affected: 0 , < 6.7-rc5 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:4.18.0-193.128.1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_tus:8.2::baseos
        cpe:/o:redhat:rhel_e4s:8.2::baseos
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:4.18.0-193.128.1.rt13.179.el8_2 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.2::realtime
        cpe:/a:redhat:rhel_tus:8.2::nfv
    Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:4.18.0-193.128.1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_tus:8.2::baseos
        cpe:/o:redhat:rhel_e4s:8.2::baseos
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:4.18.0-193.128.1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_tus:8.2::baseos
        cpe:/o:redhat:rhel_e4s:8.2::baseos
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions     cpe:/o:redhat:rhel_e4s:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:4.18.0-305.125.1.rt7.201.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.4::realtime
        cpe:/a:redhat:rhel_tus:8.4::nfv
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions     cpe:/o:redhat:rhel_e4s:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support     cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support     cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::crb
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:5.14.0-70.93.2.el9_0 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.0::baseos
        cpe:/a:redhat:rhel_eus:9.0::crb
        cpe:/a:redhat:rhel_eus:9.0::appstream
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:5.14.0-70.93.1.rt21.165.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.0::realtime
        cpe:/a:redhat:rhel_eus:9.0::nfv
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support     cpe:/o:redhat:rhel_eus:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::nfv
        cpe:/a:redhat:rhel_eus:9.2::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support     cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-07 06:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0850",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0850"
              },
              {
                "name": "RHSA-2024:0851",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0851"
              },
              {
                "name": "RHSA-2024:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0876"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:1250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1250"
              },
              {
                "name": "RHSA-2024:1251",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1251"
              },
              {
                "name": "RHSA-2024:1253",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1253"
              },
              {
                "name": "RHSA-2024:1268",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1268"
              },
              {
                "name": "RHSA-2024:1269",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1269"
              },
              {
                "name": "RHSA-2024:1278",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1278"
              },
              {
                "name": "RHSA-2024:1306",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1306"
              },
              {
                "name": "RHSA-2024:1367",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1367"
              },
              {
                "name": "RHSA-2024:1368",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1368"
              },
              {
                "name": "RHSA-2024:1377",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1377"
              },
              {
                "name": "RHSA-2024:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1382"
              },
              {
                "name": "RHSA-2024:1404",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1404"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0646"
              },
              {
                "name": "RHBZ#2253908",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-10T04:00:15.716357Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:19.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "versions": [
                {
                  "lessThan": "6.7-rc5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_tus:8.2::baseos",
                "cpe:/o:redhat:rhel_e4s:8.2::baseos",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.2::realtime",
                "cpe:/a:redhat:rhel_tus:8.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.rt13.179.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_tus:8.2::baseos",
                "cpe:/o:redhat:rhel_e4s:8.2::baseos",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_tus:8.2::baseos",
                "cpe:/o:redhat:rhel_e4s:8.2::baseos",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.2::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.4::realtime",
                "cpe:/a:redhat:rhel_tus:8.4::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.rt7.201.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.51.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.0::baseos",
                "cpe:/a:redhat:rhel_eus:9.0::crb",
                "cpe:/a:redhat:rhel_eus:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.93.2.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.0::realtime",
                "cpe:/a:redhat:rhel_eus:9.0::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.93.1.rt21.165.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.0::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::nfv",
                "cpe:/a:redhat:rhel_eus:9.2::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-07T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T20:51:54.670Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0850",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0850"
            },
            {
              "name": "RHSA-2024:0851",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0851"
            },
            {
              "name": "RHSA-2024:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0876"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:1250",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1250"
            },
            {
              "name": "RHSA-2024:1251",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1251"
            },
            {
              "name": "RHSA-2024:1253",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1253"
            },
            {
              "name": "RHSA-2024:1268",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1268"
            },
            {
              "name": "RHSA-2024:1269",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1269"
            },
            {
              "name": "RHSA-2024:1278",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1278"
            },
            {
              "name": "RHSA-2024:1306",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1306"
            },
            {
              "name": "RHSA-2024:1367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1367"
            },
            {
              "name": "RHSA-2024:1368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1368"
            },
            {
              "name": "RHSA-2024:1377",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1377"
            },
            {
              "name": "RHSA-2024:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1382"
            },
            {
              "name": "RHSA-2024:1404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1404"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0646"
            },
            {
              "name": "RHBZ#2253908",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
            },
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-07T06:30:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0646",
        "datePublished": "2024-01-17T15:16:45.148Z",
        "dateReserved": "2024-01-17T13:11:12.669Z",
        "dateUpdated": "2025-11-06T20:51:54.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0567 (GCVE-0-2024-0567)

    Vulnerability from nvd – Published: 2024-01-16 14:01 – Updated: 2025-11-20 18:09
    Title
    Gnutls: rejects certificate chain with distributed trust
    Summary
    A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 3.8.0 , < 3.8.3 (semver)
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
    Date Public
    2024-01-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
              },
              {
                "name": "RHSA-2024:0533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0533"
              },
              {
                "name": "RHSA-2024:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1082"
              },
              {
                "name": "RHSA-2024:1383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1383"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0567"
              },
              {
                "name": "RHBZ#2258544",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240202-0011/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0567",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T18:37:07.175566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T19:53:27.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.com/gnutls/gnutls",
              "defaultStatus": "unaffected",
              "packageName": "gnutls",
              "versions": [
                {
                  "lessThan": "3.8.3",
                  "status": "affected",
                  "version": "3.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-21.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/cephcsi-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-37",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-core-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-68",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-58",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-metrics-exporter-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-81",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-79",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cli-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-57",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cosi-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-54",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-must-gather-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-26",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-cluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-hub-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-103",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "cockpit",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "cockpit",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "cockpit",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "unaffected",
              "packageName": "cockpit",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:09:19.787Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0533",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0533"
            },
            {
              "name": "RHSA-2024:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1082"
            },
            {
              "name": "RHSA-2024:1383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1383"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0567"
            },
            {
              "name": "RHBZ#2258544",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544"
            },
            {
              "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521"
            },
            {
              "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-16T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gnutls: rejects certificate chain with distributed trust",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0567",
        "datePublished": "2024-01-16T14:01:59.178Z",
        "dateReserved": "2024-01-16T04:02:22.392Z",
        "dateUpdated": "2025-11-20T18:09:19.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0553 (GCVE-0-2024-0553)

    Vulnerability from nvd – Published: 2024-01-16 11:40 – Updated: 2026-03-24 11:28
    VLAI
    Title
    Gnutls: incomplete fix for cve-2023-5981
    Summary
    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 3.8.0 , < 3.8.3 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.3 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::appstream
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Date Public
    2024-01-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
              },
              {
                "name": "RHSA-2024:0533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0533"
              },
              {
                "name": "RHSA-2024:0627",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0627"
              },
              {
                "name": "RHSA-2024:0796",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0796"
              },
              {
                "name": "RHSA-2024:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1082"
              },
              {
                "name": "RHSA-2024:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1108"
              },
              {
                "name": "RHSA-2024:1383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1383"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0553"
              },
              {
                "name": "RHBZ#2258412",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240202-0011/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-16T15:03:37.625694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:15.472Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gnutls.org/download.html",
              "defaultStatus": "unaffected",
              "packageName": "gnutls",
              "versions": [
                {
                  "lessThan": "3.8.3",
                  "status": "affected",
                  "version": "3.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::appstream",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-5.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-7.el8_8.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-21.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/cephcsi-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-37",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-core-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-68",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-58",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-metrics-exporter-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-81",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-79",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cli-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-57",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cosi-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-54",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-must-gather-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-26",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-cluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-hub-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-103",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T11:28:23.612Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0533",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0533"
            },
            {
              "name": "RHSA-2024:0627",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0627"
            },
            {
              "name": "RHSA-2024:0796",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0796"
            },
            {
              "name": "RHSA-2024:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1082"
            },
            {
              "name": "RHSA-2024:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1108"
            },
            {
              "name": "RHSA-2024:1383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1383"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0553"
            },
            {
              "name": "RHBZ#2258412",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
            },
            {
              "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
            },
            {
              "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gnutls: incomplete fix for cve-2023-5981",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-203: Observable Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0553",
        "datePublished": "2024-01-16T11:40:50.677Z",
        "dateReserved": "2024-01-15T04:35:34.146Z",
        "dateUpdated": "2026-03-24T11:28:23.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0193 (GCVE-0-2024-0193)

    Vulnerability from nvd – Published: 2024-01-02 18:05 – Updated: 2026-03-04 06:58
    Title
    Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation
    Summary
    A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:1018 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1019 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1248 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2094 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4412 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4415 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-0193 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2255653 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:5.14.0-70.105.1.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:5.14.0-70.105.1.rt21.177.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::nfv
        cpe:/a:redhat:rhel_e4s:9.0::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.55.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.55.1.rt14.340.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2024-01-02 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T13:17:27.203202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T13:17:46.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.221Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1018"
              },
              {
                "name": "RHSA-2024:1019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1019"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:4412",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4412"
              },
              {
                "name": "RHSA-2024:4415",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4415"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0193"
              },
              {
                "name": "RHBZ#2255653",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
              "defaultStatus": "affected",
              "packageName": "kernel"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.105.1.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::nfv",
                "cpe:/a:redhat:rhel_e4s:9.0::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.105.1.rt21.177.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.55.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.55.1.rt14.340.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T06:58:13.138Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1018",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1018"
            },
            {
              "name": "RHSA-2024:1019",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1019"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:4412",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4412"
            },
            {
              "name": "RHSA-2024:4415",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4415"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0193"
            },
            {
              "name": "RHBZ#2255653",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-22T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-02T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation",
          "workarounds": [
            {
              "lang": "en",
              "value": "In order to trigger the issue, it requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0193",
        "datePublished": "2024-01-02T18:05:13.332Z",
        "dateReserved": "2024-01-02T10:58:11.805Z",
        "dateUpdated": "2026-03-04T06:58:13.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6610 (GCVE-0-2023-6610)

    Vulnerability from nvd – Published: 2023-12-08 16:58 – Updated: 2025-11-08 07:10
    Title
    Kernel: oob access in smb2_dump_detail
    Summary
    An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0723 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0724 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0725 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0881 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0897 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1248 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1404 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2094 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6610 vdb-entry, x_refsource_REDHAT
    https://bugzilla.kernel.org/show_bug.cgi?id=218219
    https://bugzilla.redhat.com/show_bug.cgi?id=2253614 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
        cpe:/a:redhat:enterprise_linux:8::crb
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::crb
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::nfv
        cpe:/a:redhat:rhel_eus:9.2::realtime
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:1404",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1404"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6610"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
              },
              {
                "name": "RHBZ#2253614",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.51.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::nfv",
                "cpe:/a:redhat:rhel_eus:9.2::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-08T07:10:28.228Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:1404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1404"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6610"
            },
            {
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
            },
            {
              "name": "RHBZ#2253614",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-08T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: oob access in smb2_dump_detail",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6610",
        "datePublished": "2023-12-08T16:58:09.963Z",
        "dateReserved": "2023-12-08T08:25:42.667Z",
        "dateUpdated": "2025-11-08T07:10:28.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6606 (GCVE-0-2023-6606)

    Vulnerability from nvd – Published: 2023-12-08 16:58 – Updated: 2025-11-08 07:10
    Title
    Kernel: out-of-bounds read vulnerability in smbcalcsize
    Summary
    An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::nfv
        cpe:/a:redhat:enterprise_linux:8::realtime
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.95.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::crb
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::nfv
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::nfv
        cpe:/a:redhat:rhel_eus:9.2::realtime
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.95.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-04 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6606",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-11T21:20:47.767463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T14:22:01.806Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1188",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1188"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:1404",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1404"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6606"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
              },
              {
                "name": "RHBZ#2253611",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::nfv",
                "cpe:/a:redhat:enterprise_linux:8::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.95.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.51.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::nfv",
                "cpe:/a:redhat:rhel_eus:9.2::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.95.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-08T07:10:24.326Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1188",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1188"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:1404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1404"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6606"
            },
            {
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
            },
            {
              "name": "RHBZ#2253611",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-08T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: out-of-bounds read vulnerability in smbcalcsize",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6606",
        "datePublished": "2023-12-08T16:58:08.746Z",
        "dateReserved": "2023-12-08T07:45:03.358Z",
        "dateUpdated": "2025-11-08T07:10:24.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5981 (GCVE-0-2023-5981)

    Vulnerability from nvd – Published: 2023-11-28 11:49 – Updated: 2026-02-25 18:19
    Title
    Gnutls: timing side-channel in the rsa-psk authentication
    Summary
    A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding.
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::appstream
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Date Public
    2023-11-15 00:00
    Credits
    This issue was discovered by Daiki Ueno (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:53.708Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
              },
              {
                "name": "RHSA-2024:0155",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0155"
              },
              {
                "name": "RHSA-2024:0319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0319"
              },
              {
                "name": "RHSA-2024:0399",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0399"
              },
              {
                "name": "RHSA-2024:0451",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0451"
              },
              {
                "name": "RHSA-2024:0533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0533"
              },
              {
                "name": "RHSA-2024:1383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1383"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5981"
              },
              {
                "name": "RHBZ#2248445",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::appstream",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-5.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-7.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-21.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/cephcsi-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-37",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-core-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-68",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-58",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-metrics-exporter-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-81",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-79",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cli-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-57",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cosi-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-54",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-must-gather-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-26",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-cluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-hub-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-103",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Daiki Ueno (Red Hat)."
            }
          ],
          "datePublic": "2023-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-208",
                  "description": "Observable Timing Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:19:40.648Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0155",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0155"
            },
            {
              "name": "RHSA-2024:0319",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0319"
            },
            {
              "name": "RHSA-2024:0399",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0399"
            },
            {
              "name": "RHSA-2024:0451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0451"
            },
            {
              "name": "RHSA-2024:0533",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0533"
            },
            {
              "name": "RHSA-2024:1383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1383"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5981"
            },
            {
              "name": "RHBZ#2248445",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445"
            },
            {
              "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-07T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-11-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gnutls: timing side-channel in the rsa-psk authentication",
          "workarounds": [
            {
              "lang": "en",
              "value": "To address the issue found upgrade to GnuTLS 3.8.2 or later versions."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-208: Observable Timing Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5981",
        "datePublished": "2023-11-28T11:49:50.138Z",
        "dateReserved": "2023-11-07T08:05:10.875Z",
        "dateUpdated": "2026-02-25T18:19:40.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12085 (GCVE-0-2024-12085)

    Vulnerability from cvelistv5 – Published: 2025-01-14 17:37 – Updated: 2026-06-29 20:32
    Title
    Rsync: info leak via uninitialized stack contents
    Summary
    A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHBA-2025:6470 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0324 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0325 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0637 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0688 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0714 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0774 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0787 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0790 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0849 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0884 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1120 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1123 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1128 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1225 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1227 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1242 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1451 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:2701 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-12085 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2330539 issue-tracking, x_refsource_REDHAT
    https://kb.cert.org/vuls/id/952657
    https://github.com/google/security-research/secur… exploit
    https://security.netapp.com/advisory/ntap-2025013…
    https://lists.debian.org/debian-lts-announce/2025…
    https://www.kb.cert.org/vuls/id/952657
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.3.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:3.0.6-12.el6_10.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:3.1.2-12.el7_9.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.1.3-20.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:3.1.3-7.el8_2.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:3.1.3-12.el8_4.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:3.1.3-12.el8_4.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:3.1.3-12.el8_4.3 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:3.1.3-14.el8_6.6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:3.1.3-14.el8_6.6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:3.1.3-14.el8_6.6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.1.3-20.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.3-20.el9_5.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:3.2.3-9.el9_0.3 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.2.3-19.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:3.2.3-19.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202502100314-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202503112237-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el8
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202502111902-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202501281917-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202502051822-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-454 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-17 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-537 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-4 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-339 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-320 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-552 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v3.3.2-9 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.17-12 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-725 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-342 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-88 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-25 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-11 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.4.0-340 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-5 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v1.1.0-321 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v3.3.2-8 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-6 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-9 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v5.9.11-4 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.1.0-724 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.1.0-341 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat RHOL-5.9-RHEL-9 Unaffected: v0.34.1-30 , < * (rpm)
        cpe:/a:redhat:logging:5.9::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Date Public
    2025-01-14 15:06
    Credits
    Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12085",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T04:55:14.796829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:27.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:52:11.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/952657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/RsyncProject/rsync",
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.1-2.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.6-12.el6_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.2-12.el7_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-20.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-7.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-12.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-12.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-12.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-14.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-14.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-14.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-20.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-20.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-20.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-9.el9_0.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-19.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.3-19.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202502100314-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el8",
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202503112237-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202502111902-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202501281917-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-ansible-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-helm-rhel9-operator",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-operator-sdk-rhel9",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202502051822-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-454",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-537",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-339",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-320",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-552",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v3.3.2-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.17-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-725",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-342",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-88",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-25",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-340",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-321",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v3.3.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.9.11-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-724",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-341",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.9-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.34.1-30",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-must-gather-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-14T15:06:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:32:05.763Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:6470",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:6470"
            },
            {
              "name": "RHSA-2025:0324",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0324"
            },
            {
              "name": "RHSA-2025:0325",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0325"
            },
            {
              "name": "RHSA-2025:0637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0637"
            },
            {
              "name": "RHSA-2025:0688",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0688"
            },
            {
              "name": "RHSA-2025:0714",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0714"
            },
            {
              "name": "RHSA-2025:0774",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0774"
            },
            {
              "name": "RHSA-2025:0787",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0787"
            },
            {
              "name": "RHSA-2025:0790",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0790"
            },
            {
              "name": "RHSA-2025:0849",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0849"
            },
            {
              "name": "RHSA-2025:0884",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0884"
            },
            {
              "name": "RHSA-2025:0885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0885"
            },
            {
              "name": "RHSA-2025:1120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1120"
            },
            {
              "name": "RHSA-2025:1123",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1123"
            },
            {
              "name": "RHSA-2025:1128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1128"
            },
            {
              "name": "RHSA-2025:1225",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1225"
            },
            {
              "name": "RHSA-2025:1227",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1227"
            },
            {
              "name": "RHSA-2025:1242",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1242"
            },
            {
              "name": "RHSA-2025:1451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1451"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:2701",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2701"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12085"
            },
            {
              "name": "RHBZ#2330539",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"
            },
            {
              "url": "https://kb.cert.org/vuls/id/952657"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-12-05T12:06:36.594Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-14T15:06:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rsync: info leak via uninitialized stack contents",
          "workarounds": [
            {
              "lang": "en",
              "value": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable\u0027s memory with zeroes to prevent uninitialized memory disclosure."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-908: Use of Uninitialized Resource"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12085",
        "datePublished": "2025-01-14T17:37:16.036Z",
        "dateReserved": "2024-12-03T08:57:53.329Z",
        "dateUpdated": "2026-06-29T20:32:05.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6536 (GCVE-0-2023-6536)

    Vulnerability from cvelistv5 – Published: 2024-02-07 21:05 – Updated: 2025-11-06 21:45
    VLAI
    Title
    Kernel: null pointer dereference in __nvmet_req_complete
    Summary
    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.58.1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::crb
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-11 00:00
    Credits
    Red Hat would like to thank Alon Zahavi for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6536",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T14:26:21.002030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:45.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:01.771Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:3810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3810"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6536"
              },
              {
                "name": "RHBZ#2254052",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0001/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.58.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
            }
          ],
          "datePublic": "2023-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:45:28.671Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:3810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3810"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6536"
            },
            {
              "name": "RHBZ#2254052",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: null pointer dereference in __nvmet_req_complete",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6536",
        "datePublished": "2024-02-07T21:05:13.716Z",
        "dateReserved": "2023-12-05T21:00:40.604Z",
        "dateUpdated": "2025-11-06T21:45:28.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6535 (GCVE-0-2023-6535)

    Vulnerability from cvelistv5 – Published: 2024-02-07 21:04 – Updated: 2025-11-06 21:45
    VLAI
    Title
    Kernel: null pointer dereference in nvmet_tcp_execute_request
    Summary
    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.58.1.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-11 00:00
    Credits
    Red Hat would like to thank Alon Zahavi for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6535",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:12:36.607009Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T15:58:14.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:00.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:3810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3810"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6535"
              },
              {
                "name": "RHBZ#2254053",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0003/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.58.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
            }
          ],
          "datePublic": "2023-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:45:16.229Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:3810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3810"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6535"
            },
            {
              "name": "RHBZ#2254053",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: null pointer dereference in nvmet_tcp_execute_request",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6535",
        "datePublished": "2024-02-07T21:04:21.409Z",
        "dateReserved": "2023-12-05T20:50:27.727Z",
        "dateUpdated": "2025-11-06T21:45:16.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6356 (GCVE-0-2023-6356)

    Vulnerability from cvelistv5 – Published: 2024-02-07 21:04 – Updated: 2025-11-06 21:45
    VLAI
    Title
    Kernel: null pointer dereference in nvmet_tcp_build_iovec
    Summary
    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.58.1.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-11 00:00
    Credits
    Red Hat would like to thank Alon Zahavi for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-02T13:53:04.324723Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:04.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:21:56.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:3810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3810"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6356"
              },
              {
                "name": "RHBZ#2254054",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0002/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.58.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
            }
          ],
          "datePublic": "2023-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:45:11.718Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:3810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3810"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6356"
            },
            {
              "name": "RHBZ#2254054",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: null pointer dereference in nvmet_tcp_build_iovec",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6356",
        "datePublished": "2024-02-07T21:04:20.684Z",
        "dateReserved": "2023-11-28T05:16:10.932Z",
        "dateUpdated": "2025-11-06T21:45:11.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0646 (GCVE-0-2024-0646)

    Vulnerability from cvelistv5 – Published: 2024-01-17 15:16 – Updated: 2025-11-06 20:51
    VLAI
    Title
    Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
    Summary
    An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0723 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0724 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0725 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0850 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0851 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0876 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0881 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0897 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1248 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1250 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1251 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1253 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1268 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1269 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1278 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1306 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1367 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1368 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1377 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1382 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1404 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2094 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-0646 vdb-entry x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2253908 issue-tracking x_refsource_REDHAT
    https://git.kernel.org/pub/scm/linux/kernel/git/t…
    https://lists.debian.org/debian-lts-announce/2024… x_transferred
    Impacted products
    Vendor Product Version
    Affected: 0 , < 6.7-rc5 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:4.18.0-193.128.1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_tus:8.2::baseos
        cpe:/o:redhat:rhel_e4s:8.2::baseos
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:4.18.0-193.128.1.rt13.179.el8_2 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.2::realtime
        cpe:/a:redhat:rhel_tus:8.2::nfv
    Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:4.18.0-193.128.1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_tus:8.2::baseos
        cpe:/o:redhat:rhel_e4s:8.2::baseos
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:4.18.0-193.128.1.el8_2 , < * (rpm)
        cpe:/o:redhat:rhel_tus:8.2::baseos
        cpe:/o:redhat:rhel_e4s:8.2::baseos
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions     cpe:/o:redhat:rhel_e4s:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:4.18.0-305.125.1.rt7.201.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.4::realtime
        cpe:/a:redhat:rhel_tus:8.4::nfv
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions     cpe:/o:redhat:rhel_e4s:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support     cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support     cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::crb
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:5.14.0-70.93.2.el9_0 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.0::baseos
        cpe:/a:redhat:rhel_eus:9.0::crb
        cpe:/a:redhat:rhel_eus:9.0::appstream
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:5.14.0-70.93.1.rt21.165.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.0::realtime
        cpe:/a:redhat:rhel_eus:9.0::nfv
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support     cpe:/o:redhat:rhel_eus:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::nfv
        cpe:/a:redhat:rhel_eus:9.2::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support     cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-07 06:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0850",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0850"
              },
              {
                "name": "RHSA-2024:0851",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0851"
              },
              {
                "name": "RHSA-2024:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0876"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:1250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1250"
              },
              {
                "name": "RHSA-2024:1251",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1251"
              },
              {
                "name": "RHSA-2024:1253",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1253"
              },
              {
                "name": "RHSA-2024:1268",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1268"
              },
              {
                "name": "RHSA-2024:1269",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1269"
              },
              {
                "name": "RHSA-2024:1278",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1278"
              },
              {
                "name": "RHSA-2024:1306",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1306"
              },
              {
                "name": "RHSA-2024:1367",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1367"
              },
              {
                "name": "RHSA-2024:1368",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1368"
              },
              {
                "name": "RHSA-2024:1377",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1377"
              },
              {
                "name": "RHSA-2024:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1382"
              },
              {
                "name": "RHSA-2024:1404",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1404"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0646"
              },
              {
                "name": "RHBZ#2253908",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-10T04:00:15.716357Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:19.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "versions": [
                {
                  "lessThan": "6.7-rc5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_tus:8.2::baseos",
                "cpe:/o:redhat:rhel_e4s:8.2::baseos",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.2::realtime",
                "cpe:/a:redhat:rhel_tus:8.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.rt13.179.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_tus:8.2::baseos",
                "cpe:/o:redhat:rhel_e4s:8.2::baseos",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_tus:8.2::baseos",
                "cpe:/o:redhat:rhel_e4s:8.2::baseos",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-193.128.1.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.2::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.4::realtime",
                "cpe:/a:redhat:rhel_tus:8.4::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.rt7.201.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-305.125.1.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.4::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.51.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.0::baseos",
                "cpe:/a:redhat:rhel_eus:9.0::crb",
                "cpe:/a:redhat:rhel_eus:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.93.2.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.0::realtime",
                "cpe:/a:redhat:rhel_eus:9.0::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.93.1.rt21.165.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.0::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::nfv",
                "cpe:/a:redhat:rhel_eus:9.2::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kpatch-patch",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-07T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T20:51:54.670Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0850",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0850"
            },
            {
              "name": "RHSA-2024:0851",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0851"
            },
            {
              "name": "RHSA-2024:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0876"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:1250",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1250"
            },
            {
              "name": "RHSA-2024:1251",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1251"
            },
            {
              "name": "RHSA-2024:1253",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1253"
            },
            {
              "name": "RHSA-2024:1268",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1268"
            },
            {
              "name": "RHSA-2024:1269",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1269"
            },
            {
              "name": "RHSA-2024:1278",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1278"
            },
            {
              "name": "RHSA-2024:1306",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1306"
            },
            {
              "name": "RHSA-2024:1367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1367"
            },
            {
              "name": "RHSA-2024:1368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1368"
            },
            {
              "name": "RHSA-2024:1377",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1377"
            },
            {
              "name": "RHSA-2024:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1382"
            },
            {
              "name": "RHSA-2024:1404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1404"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0646"
            },
            {
              "name": "RHBZ#2253908",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
            },
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-07T06:30:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0646",
        "datePublished": "2024-01-17T15:16:45.148Z",
        "dateReserved": "2024-01-17T13:11:12.669Z",
        "dateUpdated": "2025-11-06T20:51:54.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0567 (GCVE-0-2024-0567)

    Vulnerability from cvelistv5 – Published: 2024-01-16 14:01 – Updated: 2025-11-20 18:09
    VLAI
    Title
    Gnutls: rejects certificate chain with distributed trust
    Summary
    A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 3.8.0 , < 3.8.3 (semver)
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
    Date Public
    2024-01-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
              },
              {
                "name": "RHSA-2024:0533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0533"
              },
              {
                "name": "RHSA-2024:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1082"
              },
              {
                "name": "RHSA-2024:1383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1383"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0567"
              },
              {
                "name": "RHBZ#2258544",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240202-0011/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0567",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T18:37:07.175566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T19:53:27.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.com/gnutls/gnutls",
              "defaultStatus": "unaffected",
              "packageName": "gnutls",
              "versions": [
                {
                  "lessThan": "3.8.3",
                  "status": "affected",
                  "version": "3.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-21.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/cephcsi-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-37",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-core-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-68",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-58",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-metrics-exporter-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-81",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-79",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cli-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-57",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cosi-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-54",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-must-gather-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-26",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-cluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-hub-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-103",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "cockpit",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "cockpit",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "cockpit",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "unaffected",
              "packageName": "cockpit",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:09:19.787Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0533",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0533"
            },
            {
              "name": "RHSA-2024:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1082"
            },
            {
              "name": "RHSA-2024:1383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1383"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0567"
            },
            {
              "name": "RHBZ#2258544",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544"
            },
            {
              "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521"
            },
            {
              "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-16T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gnutls: rejects certificate chain with distributed trust",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0567",
        "datePublished": "2024-01-16T14:01:59.178Z",
        "dateReserved": "2024-01-16T04:02:22.392Z",
        "dateUpdated": "2025-11-20T18:09:19.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0553 (GCVE-0-2024-0553)

    Vulnerability from cvelistv5 – Published: 2024-01-16 11:40 – Updated: 2026-03-24 11:28
    Title
    Gnutls: incomplete fix for cve-2023-5981
    Summary
    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 3.8.0 , < 3.8.3 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.3 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::appstream
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Date Public
    2024-01-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
              },
              {
                "name": "RHSA-2024:0533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0533"
              },
              {
                "name": "RHSA-2024:0627",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0627"
              },
              {
                "name": "RHSA-2024:0796",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0796"
              },
              {
                "name": "RHSA-2024:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1082"
              },
              {
                "name": "RHSA-2024:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1108"
              },
              {
                "name": "RHSA-2024:1383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1383"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0553"
              },
              {
                "name": "RHBZ#2258412",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240202-0011/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-16T15:03:37.625694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:15.472Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gnutls.org/download.html",
              "defaultStatus": "unaffected",
              "packageName": "gnutls",
              "versions": [
                {
                  "lessThan": "3.8.3",
                  "status": "affected",
                  "version": "3.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::appstream",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-5.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-7.el8_8.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-21.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/cephcsi-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-37",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-core-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-68",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-58",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-metrics-exporter-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-81",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-79",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cli-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-57",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cosi-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-54",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-must-gather-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-26",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-cluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-hub-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-103",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T11:28:23.612Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0533",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0533"
            },
            {
              "name": "RHSA-2024:0627",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0627"
            },
            {
              "name": "RHSA-2024:0796",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0796"
            },
            {
              "name": "RHSA-2024:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1082"
            },
            {
              "name": "RHSA-2024:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1108"
            },
            {
              "name": "RHSA-2024:1383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1383"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0553"
            },
            {
              "name": "RHBZ#2258412",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
            },
            {
              "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
            },
            {
              "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gnutls: incomplete fix for cve-2023-5981",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-203: Observable Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0553",
        "datePublished": "2024-01-16T11:40:50.677Z",
        "dateReserved": "2024-01-15T04:35:34.146Z",
        "dateUpdated": "2026-03-24T11:28:23.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0193 (GCVE-0-2024-0193)

    Vulnerability from cvelistv5 – Published: 2024-01-02 18:05 – Updated: 2026-03-04 06:58
    VLAI
    Title
    Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation
    Summary
    A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:1018 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1019 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1248 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2094 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4412 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4415 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-0193 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2255653 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:5.14.0-70.105.1.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:5.14.0-70.105.1.rt21.177.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::nfv
        cpe:/a:redhat:rhel_e4s:9.0::realtime
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.55.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.55.1.rt14.340.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::realtime
        cpe:/a:redhat:rhel_eus:9.2::nfv
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2024-01-02 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T13:17:27.203202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T13:17:46.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.221Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1018"
              },
              {
                "name": "RHSA-2024:1019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1019"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "name": "RHSA-2024:4412",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4412"
              },
              {
                "name": "RHSA-2024:4415",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4415"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0193"
              },
              {
                "name": "RHBZ#2255653",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
              "defaultStatus": "affected",
              "packageName": "kernel"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.105.1.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::nfv",
                "cpe:/a:redhat:rhel_e4s:9.0::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-70.105.1.rt21.177.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.55.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::realtime",
                "cpe:/a:redhat:rhel_eus:9.2::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.55.1.rt14.340.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-01-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T06:58:13.138Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1018",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1018"
            },
            {
              "name": "RHSA-2024:1019",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1019"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "name": "RHSA-2024:4412",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4412"
            },
            {
              "name": "RHSA-2024:4415",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4415"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0193"
            },
            {
              "name": "RHBZ#2255653",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-22T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-02T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation",
          "workarounds": [
            {
              "lang": "en",
              "value": "In order to trigger the issue, it requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0193",
        "datePublished": "2024-01-02T18:05:13.332Z",
        "dateReserved": "2024-01-02T10:58:11.805Z",
        "dateUpdated": "2026-03-04T06:58:13.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6610 (GCVE-0-2023-6610)

    Vulnerability from cvelistv5 – Published: 2023-12-08 16:58 – Updated: 2025-11-08 07:10
    VLAI
    Title
    Kernel: oob access in smb2_dump_detail
    Summary
    An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0723 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0724 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0725 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0881 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0897 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1248 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1404 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2094 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6610 vdb-entry, x_refsource_REDHAT
    https://bugzilla.kernel.org/show_bug.cgi?id=218219
    https://bugzilla.redhat.com/show_bug.cgi?id=2253614 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::realtime
        cpe:/a:redhat:enterprise_linux:8::nfv
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
        cpe:/a:redhat:enterprise_linux:8::crb
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::crb
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/a:redhat:enterprise_linux:9::nfv
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::crb
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::nfv
        cpe:/a:redhat:rhel_eus:9.2::realtime
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.91.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0724",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0724"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:1404",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1404"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6610"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
              },
              {
                "name": "RHBZ#2253614",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::realtime",
                "cpe:/a:redhat:enterprise_linux:8::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::crb",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.51.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::nfv",
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::nfv",
                "cpe:/a:redhat:rhel_eus:9.2::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.91.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-08T07:10:28.228Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0724",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0724"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:1404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1404"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6610"
            },
            {
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
            },
            {
              "name": "RHBZ#2253614",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-08T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: oob access in smb2_dump_detail",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6610",
        "datePublished": "2023-12-08T16:58:09.963Z",
        "dateReserved": "2023-12-08T08:25:42.667Z",
        "dateUpdated": "2025-11-08T07:10:28.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6606 (GCVE-0-2023-6606)

    Vulnerability from cvelistv5 – Published: 2023-12-08 16:58 – Updated: 2025-11-08 07:10
    VLAI
    Title
    Kernel: out-of-bounds read vulnerability in smbcalcsize
    Summary
    An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::nfv
        cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-513.18.1.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.95.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-362.24.1.el9_3 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::crb
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::nfv
        cpe:/a:redhat:rhel_eus:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.95.1.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.6::baseos
        cpe:/o:redhat:rhev_hypervisor:4.4::el8
        cpe:/a:redhat:rhel_eus:8.6::crb
    Create a notification for this product.
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Create a notification for this product.
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Create a notification for this product.
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Create a notification for this product.
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Create a notification for this product.
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Create a notification for this product.
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Date Public
    2023-12-04 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6606",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-11T21:20:47.767463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T14:22:01.806Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0723"
              },
              {
                "name": "RHSA-2024:0725",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0725"
              },
              {
                "name": "RHSA-2024:0881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0881"
              },
              {
                "name": "RHSA-2024:0897",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0897"
              },
              {
                "name": "RHSA-2024:1188",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1188"
              },
              {
                "name": "RHSA-2024:1248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1248"
              },
              {
                "name": "RHSA-2024:1404",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1404"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6606"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
              },
              {
                "name": "RHBZ#2253611",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::nfv",
                "cpe:/a:redhat:enterprise_linux:8::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.rt7.320.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-513.18.1.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.95.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-477.51.1.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-362.24.1.el9_3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::crb",
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::nfv",
                "cpe:/a:redhat:rhel_eus:9.2::realtime"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.6::baseos",
                "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
                "cpe:/a:redhat:rhel_eus:8.6::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0-372.95.1.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-08T07:10:24.326Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0723"
            },
            {
              "name": "RHSA-2024:0725",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0725"
            },
            {
              "name": "RHSA-2024:0881",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0881"
            },
            {
              "name": "RHSA-2024:0897",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0897"
            },
            {
              "name": "RHSA-2024:1188",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1188"
            },
            {
              "name": "RHSA-2024:1248",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1248"
            },
            {
              "name": "RHSA-2024:1404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1404"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6606"
            },
            {
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
            },
            {
              "name": "RHBZ#2253611",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-08T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: out-of-bounds read vulnerability in smbcalcsize",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
            }
          ],
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6606",
        "datePublished": "2023-12-08T16:58:08.746Z",
        "dateReserved": "2023-12-08T07:45:03.358Z",
        "dateUpdated": "2025-11-08T07:10:24.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5981 (GCVE-0-2023-5981)

    Vulnerability from cvelistv5 – Published: 2023-11-28 11:49 – Updated: 2026-02-25 18:19
    Title
    Gnutls: timing side-channel in the rsa-psk authentication
    Summary
    A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.6::appstream
        cpe:/o:redhat:rhel_eus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_eus:8.8::baseos
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/o:redhat:rhel_eus:9.2::baseos
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56 , < * (rpm)
        cpe:/a:redhat:logging:5.8::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Date Public
    2023-11-15 00:00
    Credits
    This issue was discovered by Daiki Ueno (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:53.708Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
              },
              {
                "name": "RHSA-2024:0155",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0155"
              },
              {
                "name": "RHSA-2024:0319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0319"
              },
              {
                "name": "RHSA-2024:0399",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0399"
              },
              {
                "name": "RHSA-2024:0451",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0451"
              },
              {
                "name": "RHSA-2024:0533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0533"
              },
              {
                "name": "RHSA-2024:1383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1383"
              },
              {
                "name": "RHSA-2024:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2094"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5981"
              },
              {
                "name": "RHBZ#2248445",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-8.el8_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.6::appstream",
                "cpe:/o:redhat:rhel_eus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-5.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:8.8::baseos",
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.16-7.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-23.el9_3.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/o:redhat:rhel_eus:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.6-21.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/cephcsi-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-37",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-core-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-68",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/mcg-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-58",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-metrics-exporter-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-81",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-79",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cli-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-57",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-cosi-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-54",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-must-gather-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-26",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-cluster-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-hub-operator-bundle",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-158",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odr-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel9-operator",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.0-103",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-22",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/cluster-logging-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch6-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v6.8.1-407",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.0.0-479",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/elasticsearch-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/eventrouter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.4.0-247",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/fluentd-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.1.0-227",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-curator5-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.1-470",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-loki-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v2.9.6-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/logging-view-plugin-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-operator-bundle",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/loki-rhel9-operator",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v5.8.6-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/lokistack-gateway-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-525",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/opa-openshift-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.1.0-224",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:logging:5.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/vector-rhel9",
              "product": "RHOL-5.8-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v0.28.1-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gnutls",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Daiki Ueno (Red Hat)."
            }
          ],
          "datePublic": "2023-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-208",
                  "description": "Observable Timing Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:19:40.648Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0155",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0155"
            },
            {
              "name": "RHSA-2024:0319",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0319"
            },
            {
              "name": "RHSA-2024:0399",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0399"
            },
            {
              "name": "RHSA-2024:0451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0451"
            },
            {
              "name": "RHSA-2024:0533",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0533"
            },
            {
              "name": "RHSA-2024:1383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1383"
            },
            {
              "name": "RHSA-2024:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2094"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5981"
            },
            {
              "name": "RHBZ#2248445",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445"
            },
            {
              "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-07T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-11-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gnutls: timing side-channel in the rsa-psk authentication",
          "workarounds": [
            {
              "lang": "en",
              "value": "To address the issue found upgrade to GnuTLS 3.8.2 or later versions."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-208: Observable Timing Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5981",
        "datePublished": "2023-11-28T11:49:50.138Z",
        "dateReserved": "2023-11-07T08:05:10.875Z",
        "dateUpdated": "2026-02-25T18:19:40.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }