CVE-2023-7192

Published: Jan 2, 2024Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

Affected (3)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 6.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (26)

https://access.redhat.com/errata/RHSA-2024:0723

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0725

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1188

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1250

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1306

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1367

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1382

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1404

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2006

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2008

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-7192

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2256279

Source: secalert@redhat.com

Issue TrackingPatch

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83

Source: secalert@redhat.com

Mailing ListPatch

https://access.redhat.com/errata/RHSA-2024:0723

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0725

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1188

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1250

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1306

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1367

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1382

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1404

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2006

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2008

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2023-7192

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2256279

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

Timeline

No history available yet.