Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1078

Опубликовано: 07 фев. 2023
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to struct rds_msg_zcopy_info *info actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.

An out-of-bounds memory access flaw was found in the Linux kernel's RDS (Reliable Datagram Sockets) protocol due to triggering rds_message_put(). This could allow a local user to crash the system or potentially escalate their privileges on the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected
Red Hat Virtualization 4redhat-virtualization-hostNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=2173440kernel: Heap OOB Write in rds_rm_zerocopy_callback()

EPSS

Процентиль: 5%
0.0002
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1078

CVSS3: 7.8
ubuntu
почти 3 года назад

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.

nvd логотип

CVE-2023-1078

CVSS3: 7.8
nvd
почти 3 года назад

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.

debian логотип

CVE-2023-1078

CVSS3: 7.8
debian
почти 3 года назад

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets ...

suse-cvrf логотип

SUSE-SU-2023:1645-1

suse-cvrf
почти 3 года назад

Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3)

suse-cvrf логотип

SUSE-SU-2023:1610-1

suse-cvrf
почти 3 года назад

Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP2)

EPSS

Процентиль: 5%
0.0002
Низкий

7.8 High

CVSS3