1213667 – (CVE-2023-3773) VUL-0: CVE-2023-3773: kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr

Bug 1213667 (CVE-2023-3773) - VUL-0: CVE-2023-3773: kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr

Summary: VUL-0: CVE-2023-3773: kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH...

Status:	RESOLVED FIXED

Alias:	CVE-2023-3773

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/373393/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-3773:5.5:(AV:L...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-07-26 08:26 UTC by Robert Frohl
Modified:	2024-06-25 17:51 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2023-07-26 08:26:14 UTC

CVE-2023-3773

A flaw was found in the Linux kernel’s IP framework for transforming packets
(XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN
privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when
parsing netlink attributes, leading to potential leakage of sensitive heap data
to userspace.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773
https://bugzilla.redhat.com/show_bug.cgi?id=2218944
https://www.cve.org/CVERecord?id=CVE-2023-3773
https://access.redhat.com/security/cve/CVE-2023-3773

Comment 1 Robert Frohl 2023-07-26 08:26:58 UTC

https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u

Comment 3 Joey Lee 2023-08-01 03:50:19 UTC

Hi Thomas, 

Because this CVE issue relates to net/xfrm subsystem. Could you please help to handle it?

If this is not in your area, just reset but assigner to kernel-bugs@suse.de. Kernel Security Sentinel will find other expert.

Thanks a lot!

Comment 4 Chester Lin 2023-08-18 04:23:41 UTC

(Ping from the KSS team)

Hi Thomas,

Any update on this issue? This bug seems to approach a good date for CVE SLA fulfillment [1].

[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel

Comment 7 Thomas Bogendoerfer 2023-09-21 09:40:26 UTC

Fix came in via stable tree and is correctly tagged in SLE15-SP6 and ALP-current

Comment 14 Robert Frohl 2024-05-22 20:22:27 UTC

done, closing