History: Sep 20, 2023 - 8:39 p.m.

CVE-2023-22024

2023-09-20 20:39:57
oracle
www.cve.org
unbreakable enterprise kernel
rds module
setsockopt
cap_net_admin
crash
cvss 3.1
availability impacts

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.9%)

In the Unbreakable Enterprise Kernel (UEK), the RDS module has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CNA Affected

[
  {
    "product": "Oracle Linux",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Oracle Linux: 6"
      },
      {
        "status": "affected",
        "version": "Oracle Linux: 7"
      },
      {
        "status": "affected",
        "version": "Oracle Linux: 8"
      },
      {
        "status": "affected",
        "version": "Oracle Linux: 9"
      }
    ]
  },
  {
    "product": "Oracle VM",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Oracle VM: 3"
      }
    ]
  }
]
