7.8
CVE-2023-42753
- EPSS 0.51%
- Veröffentlicht 25.09.2023 21:15:15
- Zuletzt bearbeitet 21.11.2024 08:23:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.4.165 < 4.5
Linux ≫ Linux Kernel Version >= 4.9.141 < 4.10
Linux ≫ Linux Kernel Version >= 4.14.84 < 4.15
Linux ≫ Linux Kernel Version >= 4.19.5 < 4.19.295
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.257
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.195
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.132
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.53
Linux ≫ Linux Kernel Version >= 6.2 < 6.4.16
Linux ≫ Linux Kernel Version >= 6.5 < 6.5.3
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Debian ≫ Debian Linux Version10.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.396 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
https://access.redhat.com/errata/RHSA-2024:0412
https://access.redhat.com/errata/RHSA-2023:7370
https://access.redhat.com/errata/RHSA-2023:7379
https://access.redhat.com/errata/RHSA-2023:7382
https://access.redhat.com/errata/RHSA-2023:7389
https://access.redhat.com/errata/RHSA-2023:7411
https://access.redhat.com/errata/RHSA-2023:7418
https://access.redhat.com/errata/RHSA-2024:0340
https://access.redhat.com/errata/RHSA-2024:0378
https://access.redhat.com/errata/RHSA-2024:0461
https://access.redhat.com/errata/RHSA-2024:0562
https://access.redhat.com/errata/RHSA-2024:0563
https://access.redhat.com/errata/RHSA-2024:0593
https://access.redhat.com/errata/RHSA-2023:7539
https://access.redhat.com/errata/RHSA-2023:7558
https://access.redhat.com/errata/RHSA-2024:0089
https://access.redhat.com/errata/RHSA-2024:0113
https://access.redhat.com/errata/RHSA-2024:0134
https://access.redhat.com/errata/RHSA-2024:0346
https://access.redhat.com/errata/RHSA-2024:0347
https://access.redhat.com/errata/RHSA-2024:0371
https://access.redhat.com/errata/RHSA-2024:0376
https://access.redhat.com/errata/RHSA-2024:0402
https://access.redhat.com/errata/RHSA-2024:0403
https://access.redhat.com/errata/RHSA-2024:0999
https://access.redhat.com/security/cve/CVE-2023-42753
https://bugzilla.redhat.com/show_bug.cgi?id=2239843
https://seclists.org/oss-sec/2023/q3/216
https://www.openwall.com/lists/oss-security/2023/09/22/10