A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.
The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.
We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html | Third Party Advisory VDB Entry |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e | Exploit Mailing List Patch |
https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e | Patch |
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html | Mailing List |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230731-0002/ | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5448 | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5480 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
19 Aug 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2023, 16:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
|
CWE | CWE-787 | |
References | (MISC) https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e - Patch | |
References | (MISC) https://www.debian.org/security/2023/dsa-5448 - Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e - Exploit, Mailing List, Patch |
06 Jul 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jun 2023, 15:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-28 20:15
Updated : 2024-06-26 15:54
NVD link : CVE-2023-3090
Mitre link : CVE-2023-3090
CVE.ORG link : CVE-2023-3090
JSON object : View
Products Affected
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-787
Out-of-bounds Write