CVE-2023-34319

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 22, 2023

Updated: Jun 26, 2024

CWE ID 787

Summary

CVE-2023-34319 is a newly discovered vulnerability in Linux's netback driver. The driver was previously patched for XSA-423, but the fix introduced logic to handle packets split by a frontend. This logic did not account for the extreme case where a packet is split into an unusually large number of pieces, smaller than the designated area, resulting in a buffer overrun in the driver.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel
Xen
Debian

Affected Vendors

LINUX
Xen
Debian

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzabfT
https://www.cve.org/CVERecord?id=CVE-2023-34319
https://nvd.nist.gov/vuln/detail/CVE-2023-34319

Back to Vulnerability Database