Vulnerability DatabaseCVE-2023-39192
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-39192
October 09, 2023
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Related Resources (6)
https://bugzilla.redhat.com/show_bug.cgi?id=2226784
https://access.redhat.com/errata/RHSA-2024:2950
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2023-39192
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
NONE
Subsequent System Availability
LOW
CVSS v3
Base Score:
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
0.01