CVE-2023-1075

Advisory lineage Upstream: 0 Downstream: 31

Downstream

DEBIAN-CVE-2023-1075 RHSA-2023:6583 RHSA-2023:6901 RHSA-2023:7077 RHSA-2024:0575 RHSA-2024:0724

Modified

Published: 27 Mar 2023, 00:00

Last modified:24 Feb 2025, 17:05

Vulnerability Summary

Overall Risk (default)

low

13/100

CVSS Score

3.3 LOW

v3.1 (cve.org)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Mar 2023, 00:00

Published

Vulnerability first disclosed

24 Feb 2025, 17:05

Last Modified

Vulnerability information updated

Description

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

CVSS Metrics

v3.1•LOW•Score: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-843•Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Affected Systems

linux•linux_kernel
na

References (1)

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb