CVE-2023-1078
CVSS v3.1
7.8 (High)
EPSS
0.04 % (5th)
Affected Products
1
Advisories
37
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to struct rds_msg_zcopy_info *info
actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2023-03-27 21:15:10
(17 months ago) - Updated Date
-
2023-11-05 19:15:08
(10 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...