A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | |
https://access.redhat.com/errata/RHSA-2024:2950 | |
https://access.redhat.com/errata/RHSA-2024:3138 | |
https://access.redhat.com/security/cve/CVE-2023-39194 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2226788 | Issue Tracking Patch Third Party Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/ | Patch Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2024:2394 | |
https://access.redhat.com/errata/RHSA-2024:2950 | |
https://access.redhat.com/errata/RHSA-2024:3138 | |
https://access.redhat.com/security/cve/CVE-2023-39194 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2226788 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html | |
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/ | Patch Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 08:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.2 |
References |
|
|
References | () https://access.redhat.com/errata/RHSA-2024:2394 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2950 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3138 - | |
References | () https://access.redhat.com/security/cve/CVE-2023-39194 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2226788 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/ - Patch, Third Party Advisory, VDB Entry |
13 Sep 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Oct 2023, 13:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.4 |
11 Oct 2023, 20:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.3 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2226788 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-39194 - Third Party Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/ - Patch, Third Party Advisory, VDB Entry | |
CWE | CWE-125 | |
First Time |
Linux
Redhat Linux linux Kernel Fedoraproject Fedoraproject fedora Redhat enterprise Linux |
|
CPE | cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:* |
09 Oct 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-09 18:15
Updated : 2024-11-21 08:14
NVD link : CVE-2023-39194
Mitre link : CVE-2023-39194
CVE.ORG link : CVE-2023-39194
JSON object : View
Products Affected
fedoraproject
- fedora
redhat
- enterprise_linux
linux
- linux_kernel
CWE
CWE-125
Out-of-bounds Read