Unrated severityNVD Advisory· Published Jul 25, 2023· Updated Nov 14, 2025
Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
CVE-2023-3773
Description
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
65cpe:/a:redhat:enterprise_linux:9::appstream+ 4 more
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:5.14.0-362.8.1.el9_3
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- osv-coords59 versionspkg:apk/chainguard/hyperv-daemonspkg:apk/chainguard/hyperv-daemons-6.18pkg:apk/chainguard/hyperv-daemons-genericpkg:apk/chainguard/linuxpkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-aws-6.12-boot-installedpkg:apk/chainguard/linux-aws-6.12-fips-boot-installedpkg:apk/chainguard/linux-aws-6.12-headerspkg:apk/chainguard/linux-aws-6.12-modulespkg:apk/chainguard/linux-aws-6.18pkg:apk/chainguard/linux-aws-6.18-boot-installedpkg:apk/chainguard/linux-aws-6.18-fips-boot-installedpkg:apk/chainguard/linux-aws-6.18-headerspkg:apk/chainguard/linux-aws-6.18-modulespkg:apk/chainguard/linux-aws-genericpkg:apk/chainguard/linux-aws-generic-boot-configurationpkg:apk/chainguard/linux-aws-generic-boot-installedpkg:apk/chainguard/linux-aws-generic-fips-boot-installedpkg:apk/chainguard/linux-aws-generic-headerspkg:apk/chainguard/linux-aws-generic-modulespkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-azure-6.18pkg:apk/chainguard/linux-azure-6.18-boot-installedpkg:apk/chainguard/linux-azure-6.18-fips-boot-installedpkg:apk/chainguard/linux-azure-6.18-headerspkg:apk/chainguard/linux-azure-6.18-modulespkg:apk/chainguard/linux-azure-genericpkg:apk/chainguard/linux-azure-generic-boot-configurationpkg:apk/chainguard/linux-azure-generic-boot-installedpkg:apk/chainguard/linux-azure-generic-fips-boot-installedpkg:apk/chainguard/linux-azure-generic-headerspkg:apk/chainguard/linux-azure-generic-modulespkg:apk/chainguard/linux-boot-configurationpkg:apk/chainguard/linux-boot-installedpkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-gcp-6.18pkg:apk/chainguard/linux-gcp-6.18-boot-installedpkg:apk/chainguard/linux-gcp-6.18-fips-boot-installedpkg:apk/chainguard/linux-gcp-6.18-headerspkg:apk/chainguard/linux-gcp-6.18-modulespkg:apk/chainguard/linux-gcp-genericpkg:apk/chainguard/linux-gcp-generic-boot-installedpkg:apk/chainguard/linux-gcp-generic-fips-boot-installedpkg:apk/chainguard/linux-gcp-generic-headerspkg:apk/chainguard/linux-gcp-generic-modulespkg:apk/chainguard/linux-modulespkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-qemu-6.18pkg:apk/chainguard/linux-qemu-genericpkg:apk/chainguard/linux-qemu-generic-bootc-boot-installedpkg:apk/chainguard/linux-qemu-melangepkg:apk/chainguard/linux-qemu-rcpkg:apk/chainguard/linux-qemu-rc-boot-installedpkg:apk/chainguard/linux-qemu-rc-fips-boot-installedpkg:apk/chainguard/linux-qemu-rc-headerspkg:apk/chainguard/linux-qemu-rc-modulespkg:apk/chainguard/linux-vmware-6.12pkg:apk/chainguard/linux-vmware-6.18pkg:apk/chainguard/linux-vmware-generic
< 0+ 58 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.18.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
3- access.redhat.com/errata/RHSA-2023:6583mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2023-3773mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.