CVE-2023-3773

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jul 25, 2023

Updated: Nov 7, 2023

CWE ID 125

Summary

CVE-2023-3773 is a vulnerability affecting the Linux kernel's IP framework (XFRM subsystem). This issue permits a malicious user with CAP_NET_ADMIN privileges to induce a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH while parsing netlink attributes. The result is potential sensitive heap data exposure to userspace. This vulnerability could have serious implications if exploited, making it essential for system administrators to apply the necessary patches as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Red Hat Enterprise Linux
Debian
Linux Kernel

Affected Vendors

Debian
Red Hat
LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sDAP2R
https://www.cve.org/CVERecord?id=CVE-2023-3773
https://nvd.nist.gov/vuln/detail/CVE-2023-3773

Back to Vulnerability Database