PT-2023-5917 · Linux+9 · Linux Kernel+9

Lucas Leong · Published 2023-07-26 · Updated 2024-12-19 · CVE-2023-39189

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)

Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The `nfnl_osf_add_callback` function did not validate the user-mode-controlled `opt_num` field. This flaw allows a local privileged (`CAP_NET_ADMIN`) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024:2394
ALSA-2024:2950
ALSA-2024:3138
ALT-PU-2023-7004
ALT-PU-2023-7185
ALT-PU-2023-7787
ALT-PU-2023-7838
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-31267
BDU:2023-06613
CESA-2024_2950
CESA-2024_3138
CVE-2023-39189
DLA-3710-1
INFSA-2024_2394
INFSA-2024_2950
INFSA-2024_3138
MGASA-2023-0328
MGASA-2023-0331
OESA-2023-1759
OESA-2023-1760
OESA-2023-1781
OESA-2023-1782
OESA-2023-1783
OPENSUSE-SU-2023_4343-1
OPENSUSE-SU-2023_4345-1
OPENSUSE-SU-2023_4347-1
OPENSUSE-SU-2023_4348-1
OPENSUSE-SU-2023_4351-1
OPENSUSE-SU-2023_4375-1
OPENSUSE-SU-2023_4378-1
OPENSUSE-SU-2023_4414-1
RHSA-2024:2394
RHSA-2024:2950
RHSA-2024:3138
RHSA-2024_2394
RHSA-2024_2950
RHSA-2024_3138
RLSA-2024:2950
RLSA-2024:3138
SUSE-SU-2023:4343-1
SUSE-SU-2023:4345-1
SUSE-SU-2023:4346-1
SUSE-SU-2023:4347-1
SUSE-SU-2023:4348-1
SUSE-SU-2023:4349-1
SUSE-SU-2023:4351-1
SUSE-SU-2023:4358-1
SUSE-SU-2023:4359-1
SUSE-SU-2023:4375-1
SUSE-SU-2023:4377-1
SUSE-SU-2023:4378-1
SUSE-SU-2023:4414-1
SUSE-SU-2024:0112-1
USN-6461-1
USN-6494-1
USN-6494-2
USN-6532-1
USN-6534-1
USN-6534-2
USN-6534-3
USN-6536-1
USN-6537-1
USN-6548-1
USN-6548-2
USN-6548-3
USN-6548-4
USN-6548-5
USN-6549-1
USN-6549-2
USN-6549-3
USN-6549-4
USN-6549-5
USN-6573-1
USN-6635-1
ZDI-24-592

Affected Products

Alt Linux
AlmaLinux
Astra Linux
CentOS
Linux Kernel
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu