CVE-2023-28772 : An issue was discovered in the Linux kernel before 5.13.3. lib/seq

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

Published 2023-03-23 15:15:12

Updated 2025-05-05 16:15:34

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2023-28772

Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.133
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.12.18
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.13 and before (<) 5.13.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.51
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 2.6.27 and before (<) 4.4.276
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.15 and before (<) 4.19.198
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.276
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.14.240
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 34 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-05-05
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou@windriver.com

[PATCH 1/2] seq_buf: fix overflow in seq_buf_putmem_hex()
Mailing List;Patch;Vendor Advisory
https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/

Re: [PATCH 1/2] seq_buf: fix overflow when length is bigger than 8 - Steven Rostedt
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3

Release Notes;Vendor Advisory

CVEs referencing this url
https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7

seq_buf: Fix overflow in seq_buf_putmem_hex() · torvalds/linux@d3b1603 · GitHub
Patch;Vendor Advisory
https://lore.kernel.org/lkml/20210625122453.5e2fe304@oasis.local.home/

Re: [PATCH 1/2] seq_buf: fix overflow when length is bigger than 8 - Steven Rostedt
Mailing List;Patch;Vendor Advisory
https://security.netapp.com/advisory/ntap-20230427-0005/

CVE-2023-28772 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com

[PATCH 1/2] seq_buf: fix overflow in seq_buf_putmem_hex()

Jump to