CVE-2023-7192 — Missing Release of Memory after Effective Lifetime in Kernel

CWE-401 — Missing Release of Memory after Effective Lifetime CWE-402 — Resource Leak14 documents9 sources

Severity

4.4MEDIUMNVD

CNA5.5

EPSS

0.0%

top 93.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux

Timeline

PublishedJan 2

Latest updateJul 16

Description

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlinux/linux_kernel< 6.3

▶Debianlinux/linux_kernel< 5.10.178-1+3

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

CVEList

Kernel: refcount leak in ctnetlink_create_conntrack()↗2024-01-02

▶

OSV

CVE-2023-7192: A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink↗2024-01-02

▶

GHSA

GHSA-mmc5-hgpc-m8q5: A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink↗2024-01-02

▶

📋Vendor Advisories

Ubuntu

Kernel Live Patch Security Notice↗2024-07-16

▶

Ubuntu

Kernel Live Patch Security Notice↗2024-03-12

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2024-02-29

▶

Ubuntu

Linux kernel vulnerabilities↗2024-02-21

▶

Ubuntu

Linux kernel vulnerability↗2024-02-20

▶

💬Community

Bugzilla

CVE-2023-7192 kernel: refcount leak in ctnetlink_create_conntrack()↗2023-12-30

▶