CVE-2023-35001

Advisory lineage Upstream: 0 Downstream: 93

Downstream

DEBIAN-CVE-2023-35001 DLA-3512-1 DLA-3710-1 DSA-5453-1 LSN-0096-1 LSN-0097-1

Modified

Published: 05 Jul 2023, 18:35

Last modified:13 Feb 2025, 16:55

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

0.23% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Jul 2023, 18:35

Published

Vulnerability first disclosed

13 Feb 2025, 16:55

Last Modified

Vulnerability information updated

Description

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.23%• Percentile: 46%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

debian•debian_linux
11.0
fedoraproject•fedora
37 | 38
linux•linux_kernel
v3.13-rc1 | ≥ 3.13, < 4.14.322 | ≥ 4.15, ≤ 4.19.291 | ≥ 4.20, < 5.4.251 | ≥ 5.5, < 5.10.188 | ≥ 5.11, < 5.15.121 | ≥ 5.16, < 6.1.39 | ≥ 6.2, < 6.4.4
netapp•h300s_firmware
na
netapp•h410c_firmware
na
netapp•h410s_firmware
na
netapp•h500s_firmware
na
netapp•h700s_firmware
na