What is CVE-2023-44466?

CVE-2023-44466 is a vulnerability in N/a. Published 2023-09-29.

Is CVE-2023-44466 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-44466

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of a…

EPSS: 0.546 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

chenghungpan/test_
fkie-cad/nvd-json-data-feeds

References

github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph
www.spinics.net/lists/ceph-devel/msg57909.html
github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/
security.netapp.com/advisory/ntap-20231116-0003/

Frequently asked questions

What is CVE-2023-44466?: CVE-2023-44466 is a vulnerability in N/a. Published 2023-09-29.
Is CVE-2023-44466 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.