CVE-2023-0179

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 20

Advisories 41

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

Weaknesses

CWE-190: Integer Overflow or Wraparound

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-03-27 22:15:20
(17 months ago)
Updated Date: 2023-08-11 19:12:04
(13 months ago)

Affected Products

Redhat

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.5.0 version and prior 5.10.164 version	cpe:2.3:o:linux:linux_kernel	>= 5.5.0	< 5.10.164
Linux Kernel from 5.11 version and prior 5.15.89 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.89
Linux Kernel from 5.16 version and prior 6.1.7 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.7

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts
	Canonical Ubuntu Linux 22.04	cpe:2.3:o:canonical:ubuntu_linux:22.04:::*:lts

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 36	cpe:2.3:o:fedoraproject:fedora:36
	Fedoraproject Fedora 37	cpe:2.3:o:fedoraproject:fedora:37

Configuration #4

		CPE23	From	Up To
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0
	Redhat Enterprise Linux Eus 9.0	cpe:2.3:o:redhat:enterprise_linux_eus:9.0
	Redhat Enterprise Linux for Ibm Z Systems 9.0	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0
	Redhat Enterprise Linux for Power Little Endian 9.0	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0
	Redhat Enterprise Linux for Power Little Endian Eus 9.0	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0
	Redhat Enterprise Linux for Real Time 9.0	cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0
	Redhat Enterprise Linux for Real Time For Nfv 9.0	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0
	Redhat Enterprise Linux Server 9.0	cpe:2.3:o:redhat:enterprise_linux_server:9.0
	Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 9.0	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0

Configuration #5

AND

		CPE23
OR
	Redhat Codeready Linux Builder	cpe:2.3:a:redhat:codeready_linux_builder:-
OR
	Running on/with
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0
OR
	Running on/with
	Redhat Enterprise Linux Eus 9.0	cpe:2.3:o:redhat:enterprise_linux_eus:9.0
OR
	Running on/with
	Redhat Enterprise Linux for Ibm Z Systems 9.0	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0
OR
	Running on/with
	Redhat Enterprise Linux for Ibm Z Systems Eus 9.0	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0
OR
	Running on/with
	Redhat Enterprise Linux for Power Little Endian 9.0	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0
OR
	Running on/with
	Redhat Enterprise Linux for Power Little Endian Eus 9.0	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0
OR
	Running on/with
	Redhat Enterprise Linux Server 9.0	cpe:2.3:o:redhat:enterprise_linux_server:9.0

Weaknesses

Affected Products

Canonical

Fedoraproject

Linux