CVE-2023-2670
Published 2023-05-12
Priority P3 · 52 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.80% (51.9th percentile)
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 4.12.0 < 4.14.316 | 4.14.316 |
| linux | linux_kernel | >= 4.15.0 < 4.19.284 | 4.19.284 |
| linux | linux_kernel | >= 4.20.0 < 5.4.244 | 5.4.244 |
| linux | linux_kernel | >= 5.11.0 < 5.15.113 | 5.15.113 |
| linux | linux_kernel | >= 5.16.0 < 6.1.30 | 6.1.30 |
| linux | linux_kernel | >= 5.5.0 < 5.10.181 | 5.10.181 |
| linux | linux_kernel | >= 6.2.0 < 6.3.4 | 6.3.4 |
| oretnom23 | lost_and_found_information_system | — | — |
| sourcecodester | lost_and_found_information_system | — | — |
CVSS provenance
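| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 3.3 | LOW | — |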
OSV
osv·2025-12-30
CVE-2023-54218 net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
In the Linux kernel, the following vulnerability has been resolved:
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
KCSAN found a data race in sock_recv_cmsgs() where the read access
to sk->sk_stamp needs READ_ONCE().
BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg
write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
sock_write_timestamp include/net/sock.h:2670 [inline]
sock_recv_cmsgs include/net/sock.h:2722 [inline]
packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg+0x11a/0x130 net/socket.c:1040
sock_read_iter+0x176/0x220 net/socket.c:1118
call_read_iter include/linux/fs.h:1845 [inline]
new_sync_read fs/read_write.c:389 [i
GHSA
ghsa_unreviewed·2023-05-12
CVE-2023-2670 [MEDIUM] CWE-284 GHSA-whcv-xqvh-4327: A vulnerability was found in SourceCodester Lost and Found Information System 1
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability.
Red Hat
vendor_redhat·2025-12-30·CVSS 3.3
CVE-2023-54218 [LOW] CWE-820 kernel: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md
https://vuldb.com/?ctiid.228886
https://vuldb.com/?id.228886