CVE-2023-2176: Out-of-bounds Read in Kernel

CWE-125: Out-of-bounds Read | 12 documents | 9 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 97.13%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 20
Latest update: Apr 8

Description

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux kernel. Improper cleanup results in an out-of-bounds read, which a local user can use to crash the system or escalate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: linux/linux_kernel 6.0 6.1.81 +1
Debian: linux/linux_kernel < 6.1.82-1 +2
CVEListV5: linux/linux_kernel Linux 6.1
Palo Alto: paloalto/pan-os

Patches

🔴 Vulnerability Details (4)

OSV: linux-oem-6.1 vulnerabilities (2023-06-29)
GHSA: GHSA-mx4p-25w4-ff2f: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma (2023-04-20)
OSV: CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma (2023-04-20)
CVEList: CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma (2023-04-20)

📋 Vendor Advisories (6)

Palo Alto: PAN-SA-2026-0006 Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (2026-04-08)
Ubuntu: Linux kernel (OEM) vulnerabilities (2023-07-18)
Ubuntu: Linux kernel vulnerabilities (2023-07-13)
Ubuntu: Linux kernel (OEM) vulnerabilities (2023-06-29)
Debian: CVE-2023-2176: linux - A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cm... (2023)

💬 Community (1)

Bugzilla: CVE-2023-2176 kernel: Slab-out-of-bound read in compare_netdev_and_ip (2023-04-19)