First published: Wed Jul 26 2023(Updated: )
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <6.6 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Fedoraproject Fedora | =38 | |
Linux kernel | ||
redhat/kernel | <6.6 | 6.6 |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-39193 is medium.
A local attacker can exploit CVE-2023-39193 by executing high-privileged code on the target system.
The affected software for CVE-2023-39193 includes Linux Kernel, Redhat Enterprise Linux, and Fedora.
The remedy for CVE-2023-39193 is to update the kernel package to version 6.6.
More information about CVE-2023-39193 can be found at the following references: [Reference 1](https://access.redhat.com/security/cve/CVE-2023-39193), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi?id=2226787), [Reference 3](https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/).