CVE-2023-44466

HIGH

Linux Kernel 5.11-5.15.121 - Remote Code Execution via Integer Signedness Error in ceph_decode_32

Title source: llm
STIX 2.1

Description

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.

Scores

CVSS v3 8.8
EPSS 0.5458
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (1)
linux/linux_kernel 5.11 - 5.15.121
Published Sep 29, 2023
Tracked Since Feb 18, 2026