CVE-2023-2156Reachable Assertion in Kernel

CWE-617Reachable Assertion23 documents9 sources
Severity
7.5HIGHNVD
OSV7.1OSV7.0OSV5.7
EPSS
2.1%
top 15.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedMay 9
Latest updateOct 31

Description

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel5.75.10.184+4
Debianlinux/linux_kernel< 5.10.179-2+3
Ubuntulinux/linux_kernel< 5.15.0-86.96

Also affects: Debian Linux 10.0, Enterprise Linux 9.0, Fedora 38

🔴Vulnerability Details

12
OSV
linux-nvidia-6.2 vulnerabilities2023-10-31
OSV
linux-intel-iotg-5.15 vulnerabilities2023-10-24
OSV
linux-raspi vulnerabilities2023-10-19
OSV
linux-intel-iotg vulnerabilities2023-10-19
OSV
linux-hwe-5.15, linux-oracle-5.15 vulnerabilities2023-10-06

📋Vendor Advisories

9
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2023-10-31
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2023-10-19
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-10-19
Ubuntu
Linux kernel vulnerabilities2023-10-06
Ubuntu
Linux kernel vulnerabilities2023-10-05

💬Community

1
Bugzilla
CVE-2023-2156 kernel: net: IPv6 RPL protocol reachable assertion leads to DoS2023-05-08
CVE-2023-2156 — Reachable Assertion in Linux Kernel | cvebase