An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
References
Link | Resource |
---|---|
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97 | Mailing List Patch |
https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph | Exploit Third Party Advisory |
https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97 | Patch |
https://security.netapp.com/advisory/ntap-20231116-0003/ | Third Party Advisory |
https://www.spinics.net/lists/ceph-devel/msg57909.html | Mailing List Patch |
Configurations
History
21 Jan 2024, 02:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.netapp.com/advisory/ntap-20231116-0003/ - Third Party Advisory |
16 Nov 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Oct 2023, 20:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Linux
Linux linux Kernel |
|
References | (MISC) https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97 - Patch | |
References | (MISC) https://www.spinics.net/lists/ceph-devel/msg57909.html - Mailing List, Patch | |
References | (MISC) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97 - Mailing List, Patch | |
References | (MISC) https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph - Exploit, Third Party Advisory | |
CWE | CWE-120 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
29 Sep 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-29 06:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-44466
Mitre link : CVE-2023-44466
CVE.ORG link : CVE-2023-44466
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')