NVD Vulnerability Detail

CVE-2023-39194

Summary	A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
Publication Date	Oct. 10, 2023, 3:15 a.m.
Registration Date	Oct. 10, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:14 p.m.

Affected software configurations

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:38:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/errata/RHSA-2024:2394
2	https://access.redhat.com/errata/RHSA-2024:2394
3	https://access.redhat.com/errata/RHSA-2024:2950
4	https://access.redhat.com/errata/RHSA-2024:2950
5	https://access.redhat.com/errata/RHSA-2024:3138
6	https://access.redhat.com/errata/RHSA-2024:3138
7	https://access.redhat.com/security/cve/CVE-2023-39194	Third Party Advisory
8	https://access.redhat.com/security/cve/CVE-2023-39194	Third Party Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=2226788	Issue Tracking Patch Third Party Advisory
10	https://bugzilla.redhat.com/show_bug.cgi?id=2226788	Issue Tracking Patch Third Party Advisory
11	https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
12	https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/	Patch Third Party Advisory VDB Entry
13	https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/	Patch Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html

JVN Vulnerability Information

Linux の Linux Kernel 等複数ベンダの製品における境界外読み取りに関する脆弱性

Title	Linux の Linux Kernel 等複数ベンダの製品における境界外読み取りに関する脆弱性
Summary	Linux の Linux Kernel 等複数ベンダの製品には、境界外読み取りに関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 26, 2023, midnight
Registration Date	Dec. 22, 2023, 4:37 p.m.
Last Update	Dec. 22, 2023, 4:37 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 8.0

Red Hat Enterprise Linux 9.0

Fedora Project

Fedora 38

Linux

Linux Kernel 6.5

Linux Kernel 6.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-39194	https://www.cve.org/CVERecord?id=CVE-2023-39194
National Vulnerability Database (NVD)
2	CVE-2023-39194	https://nvd.nist.gov/vuln/detail/CVE-2023-39194
Red Hat Customer Portal
3	CVE-2023-39194	https://access.redhat.com/security/cve/CVE-2023-39194

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	Name	URL
Fedora
1	トップページ	https://fedoraproject.org/ja/
Linux Kernel
2	Linux Kernel Archives	https://www.kernel.org
Red Hat Bugzilla
3	Bug 2226788	https://bugzilla.redhat.com/show_bug.cgi?id=2226788

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-23-348-10	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
JVN
2	JVNVU#98271228	https://jvn.jp/vu/JVNVU98271228/
関連文書
3	www.zerodayinitiative.com (ZDI-CAN-18111)	https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/

Change Log

No	Changed Details	Date of change
1	[2023年12月22日] 掲載	Dec. 22, 2023, 3:15 p.m.