PT-2023-3516 · Linux+10 · Linux Kernel+10

Publicado

2023-05-10

·

Atualizado

2025-07-11

·

CVE-2023-3090

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG IPVLAN is enabled.
Recommendations We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

Exploit

Correção

LPE

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2023:4377
ALSA-2023:4378
ALSA-2023:5244
ALT-PU-2023-2038
ALT-PU-2023-4401
ALT-PU-2023-4482
ALT-PU-2023-4638
ALT-PU-2023-4663
ALT-PU-2024-6818
AZL-27350
BDU:2023-03721
CESA-2023_5221
CESA-2023_5244
CESA-2023_5255
CVE-2023-3090
DLA-3508-1
DLA-3623-1
DSA-5448-1
DSA-5480-1
LSN-0097-1
LSN-0098-1
OESA-2023-1435
OESA-2023-1436
OESA-2023-1437
OESA-2023-1438
OESA-2023-1439
OESA-2025-1820
OPENSUSE-SU-2023_2859-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_2892-1
OPENSUSE-SU-2023_3302-1
OPENSUSE-SU-2023_3630-1
OPENSUSE-SU-2023_3644-1
OPENSUSE-SU-2023_3647-1
OPENSUSE-SU-2023_3648-1
OPENSUSE-SU-2023_3657-1
OPENSUSE-SU-2023_3671-1
OPENSUSE-SU-2023_3676-1
RHSA-2023:4377
RHSA-2023:4378
RHSA-2023:4380
RHSA-2023:4515
RHSA-2023:4516
RHSA-2023:4801
RHSA-2023:4814
RHSA-2023:4815
RHSA-2023:4817
RHSA-2023:4828
RHSA-2023:4829
RHSA-2023:4961
RHSA-2023:4962
RHSA-2023:4967
RHSA-2023:5221
RHSA-2023:5244
RHSA-2023:5255
RHSA-2023:5548
RHSA-2023:5627
RHSA-2023_4377
RHSA-2023_4378
RHSA-2023_5244
RHSA-2023_5255
RLSA-2023:4378
RLSA-2023:5244
RXSA-2023:5244
SUSE-SU-2023:2803-1
SUSE-SU-2023:2804-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2808-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2820-1
SUSE-SU-2023:2822-1
SUSE-SU-2023:2830-1
SUSE-SU-2023:2831-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:2892-1
SUSE-SU-2023:3302-1
SUSE-SU-2023:3566-1
SUSE-SU-2023:3571-1
SUSE-SU-2023:3576-1
SUSE-SU-2023:3582-1
SUSE-SU-2023:3585-1
SUSE-SU-2023:3592-1
SUSE-SU-2023:3594-1
SUSE-SU-2023:3595-1
SUSE-SU-2023:3596-1
SUSE-SU-2023:3603-1
SUSE-SU-2023:3607-1
SUSE-SU-2023:3612-1
SUSE-SU-2023:3620-1
SUSE-SU-2023:3621-1
SUSE-SU-2023:3623-1
SUSE-SU-2023:3627-1
SUSE-SU-2023:3628-1
SUSE-SU-2023:3629-1
SUSE-SU-2023:3630-1
SUSE-SU-2023:3631-1
SUSE-SU-2023:3644-1
SUSE-SU-2023:3647-1
SUSE-SU-2023:3648-1
SUSE-SU-2023:3657-1
SUSE-SU-2023:3668-1
SUSE-SU-2023:3671-1
SUSE-SU-2023:3675-1
SUSE-SU-2023:3676-1
USN-6231-1
USN-6246-1
USN-6250-1
USN-6251-1
USN-6252-1
USN-6254-1
USN-6255-1
USN-6260-1
USN-6261-1
USN-6385-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu