A flaw was found in the Linux kernel’s IP framework for transforming
packets (XFRM subsystem). This issue may allow a malicious user with
CAP_NET_ADMIN privileges to cause a 4-byte out-of-bounds read of
XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential
leakage of sensitive heap data to userspace.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-91.101 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-39.40 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1051.56 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1017.17 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1051.56~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.2 | < 6.2.0-1017.17~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1053.61 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-azure | < 6.2.0-1018.18 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1053.61~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.2 | < 6.2.0-1018.18~22.04.1 | UNKNOWN |

access.redhat.com/security/cve/CVE-2023-3773
launchpad.net/bugs/cve/CVE-2023-3773
lore.kernel.org/all/[email protected]/T/#u
nvd.nist.gov/vuln/detail/CVE-2023-3773
security-tracker.debian.org/tracker/CVE-2023-3773
ubuntu.com/security/notices/USN-6415-1
ubuntu.com/security/notices/USN-6534-1
ubuntu.com/security/notices/USN-6534-2
ubuntu.com/security/notices/USN-6534-3
ubuntu.com/security/notices/USN-6549-1
ubuntu.com/security/notices/USN-6549-2
ubuntu.com/security/notices/USN-6549-3
ubuntu.com/security/notices/USN-6549-4
ubuntu.com/security/notices/USN-6549-5
www.cve.org/CVERecord?id=CVE-2023-3773