Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-3773

Опубликовано: 23 июл. 2023
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2218944kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr

EPSS

Процентиль: 1%
0.00012
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-3773

CVSS3: 5.5
ubuntu
почти 2 года назад

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

nvd логотип

CVE-2023-3773

CVSS3: 5.5
nvd
почти 2 года назад

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

msrc логотип

CVE-2023-3773

CVSS3: 4.4
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-3773

CVSS3: 5.5
debian
почти 2 года назад

A flaw was found in the Linux kernel\u2019s IP framework for transform ...

github логотип

GHSA-2m35-m4g6-x835

CVSS3: 5.5
github
почти 2 года назад

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

EPSS

Процентиль: 1%
0.00012
Низкий

5.5 Medium

CVSS3

Уязвимость CVE-2023-3773