Kernel: refcount leak in ctnetlink_create_conntrack()
CVE-2023-7192

4.4MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Telecommunications Update Service; Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor: CVE Published:; 2 January 2024

🔔 Create Red Hat Vulnerability Alert

What is CVE-2023-7192?

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

Affected Version(s)

Red Hat Enterprise Linux 8.2 Advanced Update Support 0:4.18.0-193.133.1.el8_2

Red Hat Enterprise Linux 8.2 Telecommunications Update Service 0:4.18.0-193.133.1.rt13.184.el8_2

Red Hat Enterprise Linux 8.2 Telecommunications Update Service 0:4.18.0-193.133.1.el8_2

References

https://access.redhat.com/errata/RHSA-2024:0723

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0725

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:1188

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
Dec 30, 2023

.