CVE-2023-0179

CWE-190 Integer Overflow | 32 documents | 8 sources
Severity: 7.8 HIGH
EPSS: 0.5% (top 34.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 27 | Latest update Mar 27

Description

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (26 packages)

NVD | linux/linux_kernel | 5.5.0 | 5.10.164 | +2
CVEListV5 | linux/linux | f6ae9f120dada00abfb47313364c35118469455f | 550efeff989b041f3746118c0ddd863c39ddc1aa | +4
Debian | linux | < 5.10.162-1 | +3
Ubuntu | linux | < 4.15.0-206.217 | +2
Ubuntu | linux-gcp | < 4.15.0-1146.162~16.04.1 | +2

Also affects: Ubuntu Linux 16.04, 18.04, 20.04, 22.04, Enterprise Linux 9.0, Fedora 36, 37

🔴 Vulnerability Details (13)

OSV | CVE-2023-0179: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel | 2023-03-27
OSV | Kernel Live Patch Security Notice | 2023-03-27
CVEList | CVE-2023-0179: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel | 2023-03-27
OSV | linux-intel-iotg vulnerabilities | 2023-03-16
OSV | linux-kvm vulnerabilities | 2023-03-09

📋 Vendor Advisories (18)

Red Hat | kernel: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits | 2025-03-27
Ubuntu | Kernel Live Patch Security Notice | 2023-03-27
Ubuntu | Linux kernel (Intel IoTG) vulnerabilities | 2023-03-16
Ubuntu | Linux kernel (KVM) vulnerabilities | 2023-03-14
Microsoft | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses and potentially allow Local Privilege Esca | 2023-03-14