Bug 2218342 (CVE-2023-39197, ZDI-CAN-21202)

Summary: CVE-2023-39197 kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dccp_packet()
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, allarkin, bhu, chwhite, crwood, cye, cyin, dbohanno, ddepaula, debarbos, dfreiber, dvlasenk, egarver, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lleshchi, lzampier, mstowell, nmurray, ptalbert, qzhao, rogbas, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, security-response-team, sukulkar, tglozar, tyberry, vkumar, walters, wcosta, williams, wmealing, ycote, ykopkova, ymankad, zhijwang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2218343, 2218344, 2218345, 2218346, 2248722    
Bug Blocks: 2209594    

Description Mauro Matteo Cascella 2023-06-28 19:11:18 UTC
An out-of-bounds read vulnerability was found in the Netfilter Connection Tracking (conntrack) in the Linux kernel. A remote user could potentially exploit this flaw to disclose sensitive information via DCCP protocol.

Comment 9 Mauro Matteo Cascella 2023-11-08 14:40:05 UTC
More information will be available in the following ZDI advisory:

Comment 10 Mauro Matteo Cascella 2023-11-08 14:40:54 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2248722]

Comment 11 Justin M. Forbes 2023-11-08 18:27:44 UTC
This was fixed for Fedora with the 6.4.4 stable kernel updates.