Launchpad.net

CVE 2023-3773

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

Related bugs and status

CVE-2023-3773 (Candidate) is related to these bugs:

Bug #2036311: [Debian] High CVE: CVE-2023-3777/CVE-2023-4015/CVE-2023-4208/CVE-2023-4206/CVE-2023-4207/CVE-2023-3772/CVE-2022-45887/CVE-2022-45886/CVE-2022-45919/CVE-2023-3773/CVE-2023-21400 kernel: multiple CVEs

Summary				In	Importance	Status
	2036311	[Debian] High CVE: CVE-2023-3777/CVE-2023-4015/CVE-2023-4208/CVE-2023-4206/CVE-2023-4207/CVE-2023-3772/CVE-2022-45887/CVE-2022-45886/CVE-2022-45919/CVE-2023-3773/CVE-2023-21400 kernel: multiple CVEs		StarlingX	High	Fix Released

Bug #2036491: [Debian] High CVE: CVE-2023-2002/CVE-2023-21255/CVE-2023-2269/CVE-2023-31084/CVE-2023-3268/CVE-2023-3389/CVE-2023-34319/CVE-2023-4194/CVE-2023-4147/CVE-2023-4273/CVE-2022-40982/CVE-2023-4128/CVE-2023-40283/CVE-2023-1206/CVE-2023-0160 kernel: multiple CVEs

Summary				In	Importance	Status
	2036491	[Debian] High CVE: CVE-2023-2002/CVE-2023-21255/CVE-2023-2269/CVE-2023-31084/CVE-2023-3268/CVE-2023-3389/CVE-2023-34319/CVE-2023-4194/CVE-2023-4147/CVE-2023-4273/CVE-2022-40982/CVE-2023-4128/CVE-2023-40283/CVE-2023-1206/CVE-2023-0160 kernel: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-3773

Related bugs and status

Related bugs

References