Mar 28, 2024 - 6:53 a.m.

Advisory ROSA-SA-2024-2385

2024-03-28 06:53:29
ROSA LAB
abf.rosalinux.ru
Tags: kernel-ml-6.6.11, rosa-server79, critical vulnerability, remote exploitation, privilege escalation, arbitrary code, linux operating system, kernel update

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.7 (Confidence: Low)
EPSS: 0.028 (Percentile: 90.8%)

Software: kernel-ml-6.6 6.6.11
OS: rosa-server79

package_evr_string: kernel-ml-6.6.6.11-1.res7

CVE-ID: CVE-2023-5178
BDU-ID: 2023-06750
CVE-Crit: CRITICAL
CVE-DESC.: A use-after-free vulnerability in the nvmet_tcp_free_crypto function in drivers/nvme/target/tcp.c, part of the NVMe-oF/TCP subsystem of the Linux kernel. Exploitation of the vulnerability could allow a remote attacker to escalate privileges or execute arbitrary code.
CVE-STATUS: Not Current
CVE-REV: Update kernel
