2023-06-28 22:00:35 +00:00
{
"id" : "CVE-2023-3090" ,
"sourceIdentifier" : "cve-coordination@google.com" ,
"published" : "2023-06-28T20:15:09.693" ,
2023-07-06 06:00:29 +00:00
"lastModified" : "2023-07-06T04:15:11.563" ,
2023-06-29 16:00:34 +00:00
"vulnStatus" : "Awaiting Analysis" ,
2023-06-28 22:00:35 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if\u00a0CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "cve-coordination@google.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "cve-coordination@google.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-787"
}
]
}
] ,
"references" : [
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e" ,
"source" : "cve-coordination@google.com"
} ,
{
"url" : "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e" ,
"source" : "cve-coordination@google.com"
2023-07-06 06:00:29 +00:00
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5448" ,
"source" : "cve-coordination@google.com"
2023-06-28 22:00:35 +00:00
}
]
}
