CVE-2023-39194: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2023-39194) was discovered in the XFRM subsystem of the Linux kernel. The flaw was found within the processing of state filters, which can result in a read past the end of an allocated buffer. This vulnerability was discovered by Lucas Leong of Trend Micro Zero Day Initiative and was publicly disclosed on September 29, 2023. The issue affects Linux kernel versions up to (excluding) 6.5 (NVD, ZDI).

The vulnerability exists in the _xfrmstatefiltermatch() function within the XFRM subsystem. The issue stems from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) by NIST and 3.2 (Low) by Red Hat, with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (NVD, ZDI).

The vulnerability allows local privileged attackers with CAPNETADMIN capability to trigger an out-of-bounds read, potentially leading to information disclosure. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to escalate privileges and potentially execute arbitrary code in the context of the kernel (ZDI).

The vulnerability has been fixed in Linux kernel version 6.5-rc7 through a patch that addresses the validation issue. The fix was committed to the mainline kernel via commit dfa73c17d55b. Various Linux distributions have also released security updates to address this vulnerability, including Red Hat Enterprise Linux, Debian, and Ubuntu (Debian, Red Hat).