{"api_version":"1","generated_at":"2026-04-23T02:37:16+00:00","cve":"CVE-2023-39194","urls":{"html":"https://cve.report/CVE-2023-39194","api":"https://cve.report/api/cve/CVE-2023-39194.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-39194","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-39194"},"summary":{"title":"CVE-2023-39194","description":"A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-10-09 18:15:00","updated_at":"2023-11-07 04:17:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2226788","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2226788","refsource":"MISC","tags":[],"title":"2226788 – (CVE-2023-39194, ZDI-CAN-18111) CVE-2023-39194 kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/","name":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/","refsource":"MISC","tags":[],"title":"ZDI-23-1492 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-39194","name":"https://access.redhat.com/security/cve/CVE-2023-39194","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-39194","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39194","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.5","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.5","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.5","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.5","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.5","cpe7":"rc5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.5","cpe7":"rc6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39194","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-39194","qid":"161455","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2024-12258)"},{"cve":"CVE-2023-39194","qid":"199936","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6494-1)"},{"cve":"CVE-2023-39194","qid":"199970","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6494-2)"},{"cve":"CVE-2023-39194","qid":"199976","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-1)"},{"cve":"CVE-2023-39194","qid":"199979","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6532-1)"},{"cve":"CVE-2023-39194","qid":"199996","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6549-1)"},{"cve":"CVE-2023-39194","qid":"199997","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6548-1)"},{"cve":"CVE-2023-39194","qid":"199999","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6548-2)"},{"cve":"CVE-2023-39194","qid":"200002","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-2)"},{"cve":"CVE-2023-39194","qid":"200003","title":"Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-6549-2)"},{"cve":"CVE-2023-39194","qid":"200006","title":"Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6548-3)"},{"cve":"CVE-2023-39194","qid":"200007","title":"Ubuntu Security Notification for Linux kernel (Low Latency) Vulnerabilities (USN-6549-3)"},{"cve":"CVE-2023-39194","qid":"200010","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-3)"},{"cve":"CVE-2023-39194","qid":"200024","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6549-4)"},{"cve":"CVE-2023-39194","qid":"200035","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6549-5)"},{"cve":"CVE-2023-39194","qid":"200037","title":"Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6548-5)"},{"cve":"CVE-2023-39194","qid":"356357","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-1838"},{"cve":"CVE-2023-39194","qid":"356409","title":"Amazon Linux Security Advisory for kernel : ALAS2-2023-2264"},{"cve":"CVE-2023-39194","qid":"356606","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-053"},{"cve":"CVE-2023-39194","qid":"390296","title":"Oracle VM Server for x86 Security Update for kernel (OVMSA-2024-0004)"},{"cve":"CVE-2023-39194","qid":"6000429","title":"Debian Security Update for linux (DLA 3710-1)"},{"cve":"CVE-2023-39194","qid":"673534","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1086)"},{"cve":"CVE-2023-39194","qid":"673595","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3247)"},{"cve":"CVE-2023-39194","qid":"673644","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3336)"},{"cve":"CVE-2023-39194","qid":"673692","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3275)"},{"cve":"CVE-2023-39194","qid":"673923","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1062)"},{"cve":"CVE-2023-39194","qid":"673995","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1275)"},{"cve":"CVE-2023-39194","qid":"674042","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3304)"},{"cve":"CVE-2023-39194","qid":"755059","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4035-1)"},{"cve":"CVE-2023-39194","qid":"755060","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4031-1)"},{"cve":"CVE-2023-39194","qid":"755063","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4032-1)"},{"cve":"CVE-2023-39194","qid":"755082","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4058-1)"},{"cve":"CVE-2023-39194","qid":"755083","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4057-1)"},{"cve":"CVE-2023-39194","qid":"755085","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4072-1)"},{"cve":"CVE-2023-39194","qid":"755086","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4071-1)"},{"cve":"CVE-2023-39194","qid":"755096","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4093-1)"},{"cve":"CVE-2023-39194","qid":"755229","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4072-2)"},{"cve":"CVE-2023-39194","qid":"755235","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4377-1)"},{"cve":"CVE-2023-39194","qid":"755564","title":"SUSE Security Update for the linux kernel (SUSE-SU-2023:4348-1)"},{"cve":"CVE-2023-39194","qid":"755565","title":"SUSE Security Update for the linux kernel (SUSE-SU-2023:4347-1)"},{"cve":"CVE-2023-39194","qid":"907460","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31268)"},{"cve":"CVE-2023-39194","qid":"907579","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31268-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-39194","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Out-of-bounds Read","cweId":"CWE-125"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"6.5-rc7","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-39194","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-39194"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2226788","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2226788"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/","refsource":"MISC","name":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/"}]},"work_around":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.2,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-09 18:15:00","lastModifiedDate":"2023-11-07 04:17:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}