
Advisory ROSA-SA-2024-2383

2024-03-28 06:51:27
ROSA LAB
abf.rosalinux.ru
21
rosa-sa-2024-2383
kernel 3.10.0
rosa-server79
nvmet_tcp_free_crypto
memory after free
privilege escalation
arbitrary code execution
update kernel
nvme-of/tcp

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8
Confidence: Low

EPSS: 0.028
Percentile: 90.8%

Software: kernel 3.10.0
OS: rosa-server79

package_evr_string: kernel-3.10.0-1160.105.1.el7

CVE-ID: CVE-2023-5178
BDU-ID: 2023-06750
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the nvmet_tcp_free_crypto function in drivers/nvme/target/tcp.c of the NVMe-oF/TCP subsystem of the Linux kernel is a use-after-free (use of memory after it has been freed). Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges or execute arbitrary code.
CVE-STATUS: Not Current
CVE-REV: Update kernel

OS | Version | Architecture | Package | Version | Filename
rosa | any | noarch | kernel | < 3.10.0 | UNKNOWN
