vulnerability

Oracle Linux: CVE-2023-4881: ELSA-2024-12610: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity
1
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:N)
Published
2023-09-06
Added
2024-10-16
Modified
2025-01-23

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service.

Solution

oracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.