Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1075

Опубликовано: 28 янв. 2023
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

A memory leak flaw was found in the Linux kernel's TLS protocol. This issue could allow a local user unauthorized access to some memory.

Меры по смягчению последствий

To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Virtualization 4redhat-virtualization-hostOut of support scope
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:690114.11.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:707714.11.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:072407.02.2024
Red Hat Enterprise Linux 8.8 Extended Update SupportkernelFixedRHSA-2024:057530.01.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=2173434kernel: net/tls: tls_is_tx_ready() checked list_entry

EPSS

Процентиль: 1%
0.00009
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1075

CVSS3: 3.3
ubuntu
около 2 лет назад

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

nvd логотип

CVE-2023-1075

CVSS3: 3.3
nvd
около 2 лет назад

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

debian логотип

CVE-2023-1075

CVSS3: 3.3
debian
около 2 лет назад

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectl ...

github логотип

GHSA-656v-jx98-63w5

CVSS3: 3.3
github
около 2 лет назад

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

fstec логотип

BDU:2023-01203

CVSS3: 3.3
fstec
больше 2 лет назад

Уязвимость реализации протокола TLS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 1%
0.00009
Низкий

3.3 Low

CVSS3