CVE-2023-3773

Updated: 2024-11-30 04:19:01.53971

Description:

A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4-byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 4.4 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 4.4 | MEDIUM | Ignored | | 2024-06-27 08:38:18 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 4.4 | MEDIUM | Ignored | | 2023-11-21 04:11:46 | |
| CentOS 6 ELS | kernel | 2.6.32 | 4.4 | MEDIUM | Ignored | | 2023-10-27 11:06:45 | |
| CentOS 7 ELS | kernel | 3.10.0 | 4.4 | MEDIUM | Ignored | | 2023-10-27 11:06:45 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 4.4 | MEDIUM | Ignored | | 2023-08-04 05:05:48 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 4.4 | MEDIUM | Ignored | | 2023-08-04 05:05:48 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 4.4 | MEDIUM | Ignored | | 2024-06-24 11:20:01 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 4.4 | MEDIUM | Ignored | | 2023-10-27 11:06:45 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 4.4 | MEDIUM | Ignored | | 2024-10-03 10:51:59 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 4.4 | MEDIUM | Ignored | | 2023-10-27 11:06:45 | |
Total: 13