7.8

CVE-2023-42753

Exploit

Kernel: netfilter: potential slab-out-of-bound access due to integer underflow

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4.165 < 4.5
LinuxLinux Kernel Version >= 4.9.141 < 4.10
LinuxLinux Kernel Version >= 4.14.84 < 4.15
LinuxLinux Kernel Version >= 4.19.5 < 4.19.295
LinuxLinux Kernel Version >= 4.20 < 5.4.257
LinuxLinux Kernel Version >= 5.5 < 5.10.195
LinuxLinux Kernel Version >= 5.11 < 5.15.132
LinuxLinux Kernel Version >= 5.16 < 6.1.53
LinuxLinux Kernel Version >= 6.2 < 6.4.16
LinuxLinux Kernel Version >= 6.5 < 6.5.3
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.396
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
https://access.redhat.com/errata/RHSA-2024:0412
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7370
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7379
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7382
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7389
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7411
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7418
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0340
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0378
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0461
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0562
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0563
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0593
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7539
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7558
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0089
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0113
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0134
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0346
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0347
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0371
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0376
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0402
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0403
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0999
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-42753
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2239843
Issue Tracking
https://seclists.org/oss-sec/2023/q3/216
Third Party Advisory
Exploit
Mailing List
https://www.openwall.com/lists/oss-security/2023/09/22/10