CVE-2023-44466

Updated: 2024-01-21 19:39:06.16483

Description:

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 8.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 8.8 HIGH Already Fixed 2024-01-29 08:43:31
AlmaLinux 9.2 FIPS kernel 5.14.0 8.8 HIGH Released CLSA-2024:1712570434 2024-04-08 10:43:27
CentOS 6 ELS kernel 2.6.32 8.8 HIGH Not Vulnerable 2023-10-11 03:23:22
CentOS 7 ELS kernel 3.10.0 8.8 HIGH Not Vulnerable 2023-10-11 03:23:21
CentOS 8.4 ELS kernel 4.18.0 8.8 HIGH Not Vulnerable 2023-10-11 03:23:21
CentOS 8.5 ELS kernel 4.18.0 8.8 HIGH Not Vulnerable 2023-10-11 03:23:21
CloudLinux 6 ELS kernel 2.6.32 8.8 HIGH Not Vulnerable 2023-10-11 03:23:22
Oracle Linux 6 ELS kernel 2.6.32 8.8 HIGH Not Vulnerable 2023-10-11 05:07:55
Ubuntu 16.04 ELS linux 4.4.0 8.8 HIGH Not Vulnerable 2023-10-11 05:07:56
Ubuntu 16.04 ELS linux-hwe 4.15.0 8.8 HIGH Not Vulnerable 2023-10-11 03:23:23
Total: 11