Vulnerability Details : CVE-2023-31084
Potential exploit
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.
Products affected by CVE-2023-31084
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-31084
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-31084
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-03-18 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2023-31084
-
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-31084
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W/
[SECURITY] Fedora 38 Update: kernel-6.3.7-200.fc38 - package-announce - Fedora Mailing-Lists
-
https://www.debian.org/security/2023/dsa-5480
Debian -- Security Information -- DSA-5480-1 linuxThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
[SECURITY] [DLA 3508-1] linux security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W/
[SECURITY] Fedora 38 Update: kernel-6.3.7-200.fc38 - package-announce - Fedora Mailing-ListsMailing List
-
https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw%40mail.gmail.com/
BUG: WARNING in dvb_frontend_get_event - Yu Hao
-
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
[SECURITY] [DLA 3623-1] linux-5.10 security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/
[SECURITY] Fedora 37 Update: kernel-6.3.7-100.fc37 - package-announce - Fedora Mailing-ListsMailing List
-
https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
Exploit;Mailing List;Vendor Advisory
-
https://www.debian.org/security/2023/dsa-5448
Debian -- Security Information -- DSA-5448-1 linuxThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20230929-0003/
April 2023 Linux Kernel 6.2 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() - kernel/git/torvalds/linux.git - Linux kernel source tree
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/
[SECURITY] Fedora 37 Update: kernel-6.3.7-100.fc37 - package-announce - Fedora Mailing-Lists
Jump to