CVE-2023-0179 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2023-0179?

CVE-2023-0179 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-0179?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.

Vulnerability Description

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 5.5.0, < 5.10.164
Canonical	Ubuntu Linux	16.04
Fedoraproject	Fedora	36
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux Eus	9.0
Redhat	Enterprise Linux For Ibm Z Systems	9.0
Redhat	Enterprise Linux For Power Little Endian	9.0
Redhat	Enterprise Linux For Power Little Endian Eus	9.0
Redhat	Enterprise Linux For Real Time	9.0
Redhat	Enterprise Linux For Real Time For Nfv	9.0
Redhat	Enterprise Linux Server	9.0
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.0
Redhat	Codeready Linux Builder	-
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.0

Related Weaknesses (CWE)

CWE-190

References

http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2161713Issue TrackingThird Party Advisory
https://seclists.org/oss-sec/2023/q1/20ExploitMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20230511-0003/Third Party Advisory
http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2161713Issue TrackingThird Party Advisory
https://seclists.org/oss-sec/2023/q1/20ExploitMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20230511-0003/Third Party Advisory

FAQ

What is CVE-2023-0179?

CVE-2023-0179 is a vulnerability with a CVSS score of 7.8 (HIGH). A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Esc...

How severe is CVE-2023-0179?

CVE-2023-0179 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0179?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.