CVE-2023-3268: Out-of-bounds Read in Kernel

CWE-125: Out-of-bounds Read
31 documents, 9 sources

Severity
7.1 HIGH (NVD)
OSV: 6.8, 6.5, 5.5, 4.7

EPSS
0.0%
top 99.31%

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Jun 16
Latest update: Feb 15

Description

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (7 packages)

Debian: linux/linux_kernel < 5.10.191-1 (+3)
Ubuntu: linux/linux_kernel < 5.4.0-162.179 (+3)
CVEListV5: linux/linux_kernel, Kernel version prior to 6.4-rc1

Also affects: Debian Linux 10.0, 11.0, 12.0

Patches

🔴 Vulnerability Details (13)

OSV: linux-bluefield vulnerabilities (2023-09-26)
OSV: linux-ibm, linux-ibm-5.4 vulnerabilities (2023-09-11)
OSV: linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities (2023-09-08)
OSV: linux-azure vulnerabilities (2023-09-06)
OSV: linux-azure-fde-5.15 vulnerabilities (2023-09-06)

📋 Vendor Advisories (16)

CISA ICS: Siemens SCALANCE XCM-/XRM-300 (2024-02-15)
Ubuntu: Linux kernel (BlueField) vulnerabilities (2023-09-26)
Ubuntu: Linux kernel (IBM) vulnerabilities (2023-09-11)
Ubuntu: Linux kernel vulnerabilities (2023-09-08)
Ubuntu: Linux kernel (Azure) vulnerabilities (2023-09-06)

💬 Community (1)

Bugzilla: CVE-2023-3268 kernel: out-of-bounds access in relay_file_read (2023-06-16)
CVE-2023-3268 — Out-of-bounds Read in Linux Kernel | cvebase