Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv3

CVE-2023-3773

Published: 25/07/2023 Updated: 07/11/2023
CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8
VMScore: 0
Subscribe to Enterprise Linux

Vulnerability Summary

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux 8.0

redhat enterprise linux 9.0

fedoraproject fedora -

linux linux kernel -

debian debian linux 10.0

debian debian linux 12.0

Vendor Advisories

Red Hat: Low: Logging Subsystem 5.8.1- Red Hat OpenShift security update
Synopsis Low: Logging Subsystem 581- Red Hat OpenShift security update Type/Severity Security Advisory: Low Topic An update is now available for RHOL-58-RHEL-9Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Debian Security Advisories: DSA-5492-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2023-1206 It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant in ...
Red Hat:
Description<!---->A flaw was found in the Linux kernel&amp;rsquo;s IP framework for transforming packets (XFRM subsystem) This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspaceA ...

References

CWE-125https://access.redhat.com/security/cve/CVE-2023-3773https://bugzilla.redhat.com/show_bug.cgi?id=2218944https://www.debian.org/security/2023/dsa-5492https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlhttps://access.redhat.com/errata/RHSA-2023:6583https://access.redhat.com/errata/RHSA-2023:7720https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5492
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook