Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2023-3090

Public on 2023-06-28
Modified on 2024-01-12
Description

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.

The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.

We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

Severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core kernel 2023-06-21 19:11 ALAS2-2023-2100
Amazon Linux 2 - Kernel-5.10 Extra kernel 2023-06-21 19:12 ALAS2KERNEL-5.10-2023-034
Amazon Linux 2 - Kernel-5.15 Extra kernel 2023-06-21 19:12 ALAS2KERNEL-5.15-2023-021
Amazon Linux 2 - Kernel-5.4 Extra kernel 2023-06-21 19:12 ALAS2KERNEL-5.4-2023-047
Amazon Linux 2023 kernel 2023-06-21 19:11 ALAS2023-2023-228
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.313-235.533 2023-08-17 17:03 ALAS2LIVEPATCH-2023-136
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.314-237.533 2023-08-17 17:03 ALAS2LIVEPATCH-2023-135
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.314-238.539 2023-08-17 17:03 ALAS2LIVEPATCH-2023-134
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.177-158.645 2023-08-17 17:03 ALAS2LIVEPATCH-2023-141
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.178-162.673 2023-08-17 17:03 ALAS2LIVEPATCH-2023-140
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.179-166.674 2023-08-17 17:03 ALAS2LIVEPATCH-2023-139
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.179-168.710 2023-08-17 17:03 ALAS2LIVEPATCH-2023-138
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.179-171.711 2023-08-17 17:03 ALAS2LIVEPATCH-2023-137
Amazon Linux 2023 kernel-livepatch-6.1.25-37.47 2023-09-15 20:55 ALAS2023LIVEPATCH-2023-019
Amazon Linux 2023 kernel-livepatch-6.1.27-43.48 2023-09-15 20:55 ALAS2023LIVEPATCH-2023-016
Amazon Linux 2023 kernel-livepatch-6.1.29-47.49 2023-09-15 20:55 ALAS2023LIVEPATCH-2023-017
Amazon Linux 2023 kernel-livepatch-6.1.29-50.88 2023-09-15 20:55 ALAS2023LIVEPATCH-2023-018

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2023-3090 Mitre: CVE-2023-3090 FAQs regarding Amazon Linux ALAS/CVE Severity