CVE-2023-3090

Updated: 2024-11-21 21:35:31.768451

Description:

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Already Fixed 2024-01-19 10:10:36
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2024:1710164161 2024-03-11 09:55:13
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1693426883 2023-08-30 17:06:55
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1693424916 2023-08-30 17:06:56
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released CLSA-2023:1690395161 2023-07-26 17:05:50
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2023:1689788960 2023-07-19 14:05:06
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Released CLSA-2023:1693429208 2023-08-30 17:06:57