Bug 2218342 (CVE-2023-39197, ZDI-CAN-21202) - CVE-2023-39197 kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dccp_packet()
Summary: CVE-2023-39197 kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dcc...
Keywords:
Status: NEW
Alias: CVE-2023-39197, ZDI-CAN-21202
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2218343 2218344 2218345 2218346 2248722
Blocks: 2209594
TreeView+ depends on / blocked
 
Reported: 2023-06-28 19:11 UTC by Mauro Matteo Cascella
Modified: 2024-10-12 08:28 UTC (History)
53 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2023-06-28 19:11:18 UTC 
An out-of-bounds read vulnerability was found in the Netfilter Connection Tracking (conntrack) in the Linux kernel. A remote user could potentially exploit this flaw to disclose sensitive information via DCCP protocol.
Comment 9 Mauro Matteo Cascella 2023-11-08 14:40:05 UTC 
More information will be available in the following ZDI advisory:
https://www.zerodayinitiative.com/advisories/ZDI-CAN-21202
Comment 10 Mauro Matteo Cascella 2023-11-08 14:40:54 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2248722]
Comment 11 Justin M. Forbes 2023-11-08 18:27:44 UTC 
This was fixed for Fedora with the 6.4.4 stable kernel updates.
Note You need to log in before you can comment on or make changes to this bug.