CVE-2023-39197

🗓️ 23 Jan 2024 03:04:26Reported by redhatType

Out-of-bounds read vuln in Netfilter Connection Tracking (conntrack) in Linux kernel. Allows remote disclosure via DCCP protocol

Reporter	Title	Published	Views	Family All 256
Tenable Nessus	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-299)	24 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2023-039 (ALASKERNEL-5.10-2023-039)	6 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2023-025 (ALASKERNEL-5.15-2023-025)	14 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2023-054 (ALASKERNEL-5.4-2023-054)	6 Oct 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2024-1144)	8 Feb 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2024-1672)	17 May 202400:00	–	nessus
Tenable Nessus	MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.1.el7.AXS7 (AXSA:2024-8651:24)	20 Jan 202600:00	–	nessus
Tenable Nessus	Photon OS 4.0: Linux PHSA-2021-4.0-0065	22 Jul 202100:00	–	nessus
Tenable Nessus	Photon OS 3.0: Linux PHSA-2024-3.0-0723	24 Jul 202400:00	–	nessus
Tenable Nessus	Photon OS 5.0: Linux PHSA-2024-5.0-0187	24 Jul 202400:00	–	nessus

NVD

Node

linux linux_kernelRange2.6.26–5.4.251

linux linux_kernelRange5.5–5.10.188

linux linux_kernelRange5.11–5.15.121

linux linux_kernelRange5.16–6.1.39

linux linux_kernelRange6.2–6.3.13

linux linux_kernelRange6.4–6.4.4

Node

fedoraproject fedoraMatch38

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-39197
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

20 Nov 2025 19:52Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.14 - 7.5

EPSS0.00039

SSVC

CWE-125