CVE-2023-44466

Published: 29/09/2023 | Updated: 21/01/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

An issue exists in net/ceph/messenger_v2.c in the Linux kernel prior to 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.

Vulnerable Product

linux linux kernel

Vendor Advisories

Description: A flaw was found in net/ceph/messenger_v2.c in the Linux Kernel. An integer signing error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This issue occurs due to an untrusted length taken from a TCP packet in ceph_decode_32. ...
Check Point Reference: CPAI-2023-1534 | Date Published: 19 Feb 2024 | Severity: High ...