FKIE_CVE-2023-3090

Vulnerability from fkie_nvd - Published: 2023-06-28 20:15 - Updated: 2025-02-13 17:16
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
References
cve-coordination@google.comhttp://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.htmlThird Party Advisory, VDB Entry
cve-coordination@google.comhttp://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.htmlThird Party Advisory, VDB Entry
cve-coordination@google.comhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8eExploit, Mailing List, Patch
cve-coordination@google.comhttps://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8ePatch
cve-coordination@google.comhttps://lists.debian.org/debian-lts-announce/2023/07/msg00030.htmlMailing List
cve-coordination@google.comhttps://lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlMailing List, Third Party Advisory
cve-coordination@google.comhttps://security.netapp.com/advisory/ntap-20230731-0002/Third Party Advisory
cve-coordination@google.comhttps://www.debian.org/security/2023/dsa-5448Third Party Advisory
cve-coordination@google.comhttps://www.debian.org/security/2023/dsa-5480Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8eExploit, Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8ePatch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/07/msg00030.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20230731-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5448Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5480Third Party Advisory
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
debian debian_linux 10.0
debian debian_linux 11.0
debian debian_linux 12.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4532FA63-E660-44C3-BADA-3C9128842411",
              "versionEndExcluding": "4.14.316",
              "versionStartIncluding": "3.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9112EE64-11F4-46DB-A041-95118F20F81B",
              "versionEndExcluding": "4.19.284",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79F47095-8BA3-495A-AED3-2CCA5F2838E6",
              "versionEndExcluding": "5.4.244",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5B1726B-45AA-47F2-9261-6DC963E92248",
              "versionEndExcluding": "5.10.181",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D5E1B5-AB9D-4ECC-8F11-F3E1BF761E27",
              "versionEndExcluding": "5.15.113",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9430E62-03EA-42E6-9E5E-BD1D5124D107",
              "versionEndExcluding": "6.1.30",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C54BF0-3EED-46D4-92A7-5F07F658B49B",
              "versionEndExcluding": "6.3.4",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb  initialization in the ipvlan network driver. The vulnerability is reachable if\u00a0CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escritura fuera de los l\u00edmites de la memoria en el controlador de red ipvlan del kernel de Linux se puede explotar para lograr la escalada de privilegios locales. La escritura fuera de los l\u00edmites se debe a la falta de inicializaci\u00f3n skb-\u0026gt;cb en el controlador de red ipvlan. La vulnerabilidad es accesible si CONFIG_IPVLAN est\u00e1 habilitada. Recomendamos actualizar al anterior commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n"
    }
  ],
  "id": "CVE-2023-3090",
  "lastModified": "2025-02-13T17:16:55.200",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-28T20:15:09.693",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Patch"
      ],
      "url": "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230731-0002/"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5448"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230731-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5480"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.