A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 05 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 12:00:00 +0000


Mon, 16 Sep 2024 11:45:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T02:25:44.803Z

Reserved: 2023-07-19T13:55:13.694Z

Link: CVE-2023-3773

cve-icon Vulnrichment

Updated: 2024-08-02T07:08:49.757Z

cve-icon NVD

Status : Modified

Published: 2023-07-25T16:15:11.733

Modified: 2024-11-21T08:18:01.957

Link: CVE-2023-3773

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-07-23T00:00:00Z

Links: CVE-2023-3773 - Bugzilla

cve-icon OpenCVE Enrichment

No data.