PT-2023-5669 · Linux+7 · Linux Kernel+7

Docfate111

Publicado

2023-07-05

Atualizado

2025-05-23

CVE-2023-44466

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.5

Description An issue was discovered in the Linux kernel, specifically in net/ceph/messenger v2.c, where an integer signedness error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph decode 32. The issue allows a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For Linux kernel versions prior to 6.4.5, update to version 6.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the ceph decode 32 function until a patch is available. Avoid using the ceph decode 32 function in the affected API endpoint until the issue is resolved.

Exploit

Correção

RCE

DoS

Heap Based Buffer Overflow

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-680CWE-122CWE-120

Identificadores relacionados

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-30056

BDU:2023-06336

CESA-2023_5244

CVE-2023-44466

GHSA-JG27-JX6W-XWPH

RHSA-2023:4789

RHSA-2023:4801

RHSA-2023:4962

RHSA-2023:5069

RHSA-2023:5244

RHSA-2023_5069

RHSA-2023_5244

USN-6416-1

USN-6416-2

USN-6416-3

USN-6445-1

USN-6445-2

USN-6464-1

USN-6466-1

USN-6520-1

Produtos afetados

Alt Linux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Ubuntu

PT-2023-5669 · Linux+7 · Linux Kernel+7

CVE-2023-44466

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 86