CVE-2023-39189
Published: October 9, 2023Last modified: October 10, 2023
Description
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | HIGH |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | Stream | linux-lts | Fixed (6.1.56-r0) |
References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-39189
- https://bugzilla.redhat.com/show_bug.cgi?id=2226777
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html