CVE-2021-3570

Description

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Risk Information

Base Score: 8.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 1.226

Associated Vulnerability

Vulnerability | OS Platform
Linuxptp update (ELSA-2021-2658) linuxptp-2.0-2.el7_9.1.x86_64.rpm | Linux
(RHSA-2021:2658) linuxptp security update linuxptp-2.0-2.el7_9.1.x86_64.rpm | Linux
(RHSA-2021:2660) linuxptp security update linuxptp-2.0-5.el8_4.1.x86_64.rpm | Linux
(RHSA-2021:2660) linuxptp security update linuxptp-debugsource-2.0-5.el8_4.1.x86_64.rpm | Linux
linuxptp security update (DSA-4938-1) linuxptp_1.9.2-1+deb10u1_amd64.deb | Linux
linuxptp security update (DSA-4938-1) linuxptp_1.9.2-1+deb10u1_i386.deb | Linux
linuxptp security update (DSA-4938-1) Debian_linuxptp_1.9.2-1+deb10u1_amd64.deb | Linux
SUSE-SU-2021:2545-1 (SUSE Linux Enterprise Server 12-SP5) linuxptp-1.8+git65.g303b08c-3.3.1.x86_64.rpm | Linux
SUSE-SU-2021:2545-1 (SUSE Linux Enterprise Server 12-SP5) linuxptp-debuginfo-1.8+git65.g303b08c-3.3.1.x86_64.rpm | Linux
SUSE-SU-2021:2545-1 (SUSE Linux Enterprise Server 12-SP5) linuxptp-debugsource-1.8+git65.g303b08c-3.3.1.x86_64.rpm | Linux
(RHSA-2021:2658) Important: security update linuxptp-debuginfo-2.0-2.el7_9.1.x86_64.rpm | Linux
Precision Time Protocol (PTP, IEEE1588) implementation for Linux (USN-6097-1) linuxptp_1.8-1ubuntu0.1_i386.deb | Linux
Precision Time Protocol (PTP, IEEE1588) implementation for Linux (USN-6097-1) linuxptp_1.8-1ubuntu0.1_amd64.deb | Linux
Precision Time Protocol (PTP, IEEE1588) implementation for Linux (USN-6097-1) linuxptp_1.9.2-1ubuntu0.1_amd64.deb | Linux
