Bug 2218342 (CVE-2023-39197, ZDI-CAN-21202) - CVE-2023-39197 kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dccp_packet()
Summary: CVE-2023-39197 kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dcc...
Keywords:
Status: NEW
Alias: CVE-2023-39197, ZDI-CAN-21202
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2218343 2218344 2218345 2218346 2248722
Blocks: 2209594
TreeView+ depends on / blocked
 
Reported: 2023-06-28 19:11 UTC by Mauro Matteo Cascella
Modified: 2023-12-20 10:26 UTC (History)
54 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Mauro Matteo Cascella 2023-06-28 19:11:18 UTC
An out-of-bounds read vulnerability was found in the Netfilter Connection Tracking (conntrack) in the Linux kernel. A remote user could potentially exploit this flaw to disclose sensitive information via DCCP protocol.

Comment 9 Mauro Matteo Cascella 2023-11-08 14:40:05 UTC
More information will be available in the following ZDI advisory:
https://www.zerodayinitiative.com/advisories/ZDI-CAN-21202

Comment 10 Mauro Matteo Cascella 2023-11-08 14:40:54 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2248722]

Comment 11 Justin M. Forbes 2023-11-08 18:27:44 UTC
This was fixed for Fedora with the 6.4.4 stable kernel updates.


Note You need to log in before you can comment on or make changes to this bug.