Ubuntu.comUB:CVE-2023-3773CVE-2023-3773
0.0005 Low
EPSS
Percentile
16.7%
A flaw was found in the Linux kernel’s IP framework for transforming
packets (XFRM subsystem). This issue may allow a malicious user with
CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of
XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential
leakage of sensitive heap data to userspace.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | linux | < 5.15.0-91.101 | UNKNOWN |
| ubuntu | 23.04 | noarch | linux | < 6.2.0-39.40 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1051.56 | UNKNOWN |
| ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1017.17 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1051.56~20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws-6.2 | < 6.2.0-1017.17~22.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1053.61 | UNKNOWN |
| ubuntu | 23.04 | noarch | linux-azure | < 6.2.0-1018.18 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1053.61~20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-azure-6.2 | < 6.2.0-1018.18~22.04.1 | UNKNOWN |
References
access.redhat.com/security/cve/CVE-2023-3773
launchpad.net/bugs/cve/CVE-2023-3773
lore.kernel.org/all/[email protected]/T/#u
nvd.nist.gov/vuln/detail/CVE-2023-3773
security-tracker.debian.org/tracker/CVE-2023-3773
ubuntu.com/security/notices/USN-6415-1
ubuntu.com/security/notices/USN-6534-1
ubuntu.com/security/notices/USN-6534-2
ubuntu.com/security/notices/USN-6534-3
ubuntu.com/security/notices/USN-6549-1
ubuntu.com/security/notices/USN-6549-2
ubuntu.com/security/notices/USN-6549-3
ubuntu.com/security/notices/USN-6549-4
ubuntu.com/security/notices/USN-6549-5
www.cve.org/CVERecord?id=CVE-2023-3773
Related
