CVE-2023-3090

7.8 HIGH

📋 TL;DR

This CVE describes a heap out-of-bounds write vulnerability in the Linux Kernel's ipvlan network driver that allows local attackers to escalate privileges. The vulnerability occurs due to missing skb->cb initialization and affects systems with CONFIG_IPVLAN enabled. Attackers with local access can exploit this to gain root privileges on vulnerable systems.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions before commit 90cbed5247439a966b645b34eb0a2e037836ea8e
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CONFIG_IPVLAN is enabled in kernel configuration. Many distributions don't enable this by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full root privileges, leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Local user or compromised service escalates to root, enabling lateral movement, credential harvesting, and further system exploitation.

🟢 If Mitigated

With proper access controls and minimal local user accounts, impact is limited but still allows privilege escalation for any local user.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and CONFIG_IPVLAN enabled. No public exploit code has been disclosed as of the available references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel with commit 90cbed5247439a966b645b34eb0a2e037836ea8e or later

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
2. Check distribution-specific security advisories for patched kernel packages.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable ipvlan module

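Prevent loading of the vulnerable ipvlan kernel module. This only helps when ipvlan is built as a loadable module; a modprobe.d rule has no effect on a driver compiled into the kernel. The rmmod error output is suppressed, so confirm with lsmod afterwards that the module is no longer loaded.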

echo 'install ipvlan /bin/false' >> /etc/modprobe.d/disable-ipvlan.conf
rmmod ipvlan 2>/dev/null || true

Blacklist ipvlan module

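Blacklist the ipvlan module to prevent automatic loading. A blacklist entry only makes modprobe ignore the module's aliases; an explicit modprobe ipvlan still loads it, so the install rule above is the stronger control.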

echo 'blacklist ipvlan' >> /etc/modprobe.d/blacklist-ipvlan.conf

🧯 If You Can't Patch

  • Restrict local user access to minimize attack surface
  • Implement strict SELinux/AppArmor policies to limit privilege escalation

🔍 How to Verify

Check if Vulnerable:

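Check if ipvlan module is loaded: lsmod | grep ipvlan. An empty result only means the module is not loaded right now; where ipvlan is built as a module it can still be loaded later unless loading is blocked. Check kernel version against patched versions.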

Check Version:

uname -r

Verify Fix Applied:

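Verify kernel version includes commit 90cbed5247439a966b645b34eb0a2e037836ea8e. In a git checkout of the source tree the running kernel was built from: git log --oneline --no-abbrev-commit | grep 90cbed5247439a966b645b34eb0a2e037836ea8e

Without --no-abbrev-commit, git log --oneline prints abbreviated hashes and a grep for the full hash never matches. Distribution kernels usually carry the fix as a backport under a different commit id, so for packaged kernels check the package changelog or the distribution advisory for CVE-2023-3090 instead.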
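The checks and workarounds above can be combined into one exposure verdict. This is an added example, not code from the advisory or the kernel project; the function names, verdict strings and the /boot/config-<release> location are assumptions, and it reports only whether the ipvlan driver is reachable, not whether the kernel is patched.

```shell
#!/bin/sh
# Added example: classify a host's ipvlan exposure.
# File locations are parameters so the logic can be run on sample files.

# builtin | module | disabled, read from a kernel config file.
ipvlan_config_state() {
    if grep -q '^CONFIG_IPVLAN=y' "$1"; then echo builtin
    elif grep -q '^CONFIG_IPVLAN=m' "$1"; then echo module
    else echo disabled
    fi
}

# install | blacklist | none: strongest ipvlan directive in one modprobe.d dir.
ipvlan_modprobe_block() {
    if grep -Eqs '^[[:space:]]*install[[:space:]]+ipvlan[[:space:]]+/bin/(false|true)' "$1"/*.conf; then
        echo install
    elif grep -Eqs '^[[:space:]]*blacklist[[:space:]]+ipvlan([[:space:]]|$)' "$1"/*.conf; then
        echo blacklist
    else
        echo none
    fi
}

# Verdict from config file, modprobe.d dir and whether the module is loaded now.
ipvlan_exposure() {
    cfg=$1; dir=$2; loaded=$3
    case "$(ipvlan_config_state "$cfg")" in
        disabled) echo not-built ;;
        builtin)  echo builtin ;;        # modprobe.d cannot disable built-in code
        module)
            if [ "$loaded" = yes ]; then echo loaded; return; fi
            case "$(ipvlan_modprobe_block "$dir")" in
                install)   echo blocked ;;
                blacklist) echo blacklist-only ;;  # explicit modprobe still works
                none)      echo loadable ;;
            esac ;;
    esac
}

# Run against the live host. Assumed paths: /boot/config-<release>, /etc/modprobe.d.
ipvlan_check_host() {
    cfg="/boot/config-$(uname -r)"
    [ -r "$cfg" ] || { echo unknown; return 1; }
    if grep -q '^ipvlan ' /proc/modules; then l=yes; else l=no; fi
    ipvlan_exposure "$cfg" /etc/modprobe.d "$l"
}
```

Call ipvlan_check_host after sourcing the file; any verdict other than not-built or blocked means the kernel still needs the patch check described above.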

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic or oops messages related to ipvlan
  • Unexpected privilege escalation events in audit logs

Network Indicators:

  • Unusual network activity from ipvlan interfaces

SIEM Query:

source="kernel" AND "ipvlan" AND ("panic" OR "oops" OR "segfault")
