vulnerability
Oracle Linux: CVE-2023-4881: ELSA-2024-12610: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
1 | (AV:L/AC:L/Au:S/C:N/I:N/A:N) | 2023-09-06 | 2024-10-16 | 2025-01-23 |
Severity
1
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:N)
Published
2023-09-06
Added
2024-10-16
Modified
2025-01-23
Description
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service.
A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service.
Solution
oracle-linux-upgrade-kernel-uek

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.