CVE-2023-3773

2023-07-2500:00:00

ubuntu.com

linux kernel

ip framework

out-of-bounds read

sensitive data leakage

xfrm subsystem

netlink attributes

heap data.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.6%

JSON

A flaw was found in the Linux kernel’s IP framework for transforming
packets (XFRM subsystem). This issue may allow a malicious user with
CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of
XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential
leakage of sensitive heap data to userspace.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-91.101UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-39.40UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1051.56UNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1017.17UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1051.56~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.2< 6.2.0-1017.17~22.04.1UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1053.61UNKNOWN
ubuntu23.04noarchlinux-azure< 6.2.0-1018.18UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1053.61~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-6.2< 6.2.0-1018.18~22.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< 5.15.0-91.101	UNKNOWN
ubuntu	23.04	noarch	linux	< 6.2.0-39.40	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1051.56	UNKNOWN
ubuntu	23.04	noarch	linux-aws	< 6.2.0-1017.17	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1051.56~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.2	< 6.2.0-1017.17~22.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1053.61	UNKNOWN
ubuntu	23.04	noarch	linux-azure	< 6.2.0-1018.18	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< 5.15.0-1053.61~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.2	< 6.2.0-1018.18~22.04.1	UNKNOWN