CVE-2023-39194 — Out-of-bounds Read in Kernel

CWE-125 — Out-of-bounds Read22 documents9 sources

Severity

4.4MEDIUMNVD

CNA3.2

EPSS

0.0%

top 99.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedOct 9

Latest updateJan 10

Description

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlinux/linux_kernel< 6.5+1

▶Debianlinux/linux_kernel< 5.10.197-1+3

Also affects: Enterprise Linux 8.0, 9.0, Fedora 38

Patches

Patch: bugzilla.redhat.com ↗Patch: www.zerodayinitiative.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

CVE-2023-39194: A flaw was found in the XFRM subsystem in the Linux kernel↗2023-10-09

▶

CVEList

Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()↗2023-10-09

▶

GHSA

GHSA-3qhf-qr39-9c9w: A flaw was found in the XFRM subsystem in the Linux kernel↗2023-10-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2024-01-10

▶

Ubuntu

Linux kernel (IoT) vulnerabilities↗2024-01-10

▶

Ubuntu

Linux kernel (GKE) vulnerabilities↗2024-01-09

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2024-01-05

▶

Ubuntu

Linux kernel (Low Latency) vulnerabilities↗2023-12-13

▶

💬Community

Bugzilla

CVE-2023-39194 kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()↗2023-07-26

▶