cbcvebase.
CVE-2023-3090
published 2023-06-28

CVE-2023-3090: A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianlinux< linux 6.1.37-1 (bookworm)linux 6.1.37-1 (bookworm)
linuxkernel>= 3.19 < 6.46.4
linuxlinux_kernel>= 0 < 5.10.191-15.10.191-1
linuxlinux_kernel>= 0 < 6.1.37-16.1.37-1
linuxlinux_kernel>= 0 < 6.3.7-16.3.7-1
linuxlinux_kernel>= 0 < 6.3.7-16.3.7-1
linuxlinux_kernel>= 0 < 5.4.0-155.1725.4.0-155.172
linuxlinux_kernel>= 0 < 5.15.0-78.855.15.0-78.85
linuxlinux_kernel>= 0 < 4.4.0-245.2794.4.0-245.279
linuxlinux_kernel>= 0 < 4.4.0-243.2774.4.0-243.277
linuxlinux_kernel>= 0 < 4.15.0-214.2254.15.0-214.225
linuxlinux_kernel>= 0 < 4.15.0-218.2294.15.0-218.229
linuxlinux_kernel>= 0 < 5.4.0-205.2255.4.0-205.225
linuxlinux_kernel>= 0 < 5.4.0-155.1725.4.0-155.172
linuxlinux_kernel>= 0 < 5.15.0-84.935.15.0-84.93
linuxlinux_kernel>= 0 < 5.15.0-78.855.15.0-78.85
linuxlinux_kernel>= 3.19 < 4.14.3164.14.316
linuxlinux_kernel>= 4.15 < 4.19.2844.19.284
linuxlinux_kernel>= 4.20 < 5.4.2445.4.244
linuxlinux_kernel>= 5.11 < 5.15.1135.15.113
linuxlinux_kernel>= 5.16 < 6.1.306.1.30
linuxlinux_kernel>= 5.5 < 5.10.1815.10.181

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH