PT-2022-6725 · Linux+6 · Linux Kernel+6

Lucas Leong

Published

2022-09-05

Updated

2025-01-24

CVE-2023-2860

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description The issue is related to an out-of-bounds read vulnerability in the SR-IPv6 implementation in the Linux kernel, specifically within the processing of seg6 attributes. This flaw results from the improper validation of user-supplied data, allowing a read past the end of an allocated buffer. A privileged local user can exploit this to disclose sensitive information on affected installations of the Linux kernel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2023-4894

AZL-27797

BDU:2023-03728

CVE-2023-2860

OESA-2023-1393

OESA-2023-1394

OESA-2023-1397

OESA-2023-1539

OPENSUSE-SU-2023_4343-1

OPENSUSE-SU-2023_4414-1

OPENSUSE-SU-2024_1642-1

OPENSUSE-SU-2024_1644-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2023:4343-1

SUSE-SU-2023:4414-1

SUSE-SU-2024:1642-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1650-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:2189-1

SUSE-SU-2025:0231-1

USN-6247-1

ZDI-23-692

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Linuxmint

Red Os

Suse

Ubuntu

PT-2022-6725 · Linux+6 · Linux Kernel+6

CVE-2023-2860

Weakness Enumeration

Related Identifiers

Affected Products

References · 1346