CVE-2023-3773 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-3773

CVE-2023-3773

July 25, 2023

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

Related Resources (5)

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

https://bugzilla.redhat.com/show_bug.cgi?id=2218944

https://www.debian.org/security/2023/dsa-5492

https://access.redhat.com/errata/RHSA-2023:6583

https://access.redhat.com/security/cve/CVE-2023-3773

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

EPSS

Base Score:

0.02

Products

Solutions

Resources

Company

Compare

Developer Tools