{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4881", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "REJECTED", "assignerShortName": "redhat", "dateReserved": "2023-09-11T09:09:18.930Z", "datePublished": "2023-09-11T16:35:56.435Z", "dateUpdated": "2023-09-20T17:36:50.978Z", "dateRejected": "2023-09-20T17:36:50.978Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-20T17:36:50.978Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team."}], "id": "CVE-2023-4881", "lastModified": "2023-11-07T04:23:08.100", "metrics": {}, "published": "2023-09-11T17:15:07.547", "references": [], "sourceIdentifier": "[email protected]", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "kernel: netfilter: stack out-of-bounds write in nft_exthdr ip/tcp/sctp functions", "id": "2238312", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238312"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-787", "details": ["A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service."], "name": "CVE-2023-4881", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-09-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-4881\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4881\nhttps://github.com/torvalds/linux/commit/fd94d9dadee58e09b49075240fe83423eb1dcd36"], "statement": "CVE-2023-4881 was initially assigned to a bug that was then deemed to be a non-security issue by the Linux kernel security team."}