CVE-2023-42752 — Integer Overflow or Wraparound in Linux

CWE-190 — Integer Overflow or Wraparound44 documents8 sources

Severity

5.5MEDIUMNVD

OSV7.8OSV7.0OSV6.5OSV5.7

EPSS

0.0%

top 97.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.137.1-1 ON CBL Mariner 2.0

Timeline

PublishedOct 13

Latest updateNov 28

Description

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Debianlinux/linux_kernel< 6.1.55-1+2

▶Ubuntulinux/linux_kernel< 5.4.0-165.182+6

▶NVDlinux/linux_kernel6.5.7

▶msrcmsrc/cbl2_kernel_5.15.137.1-1_on_cbl_mariner_2.0

▶debiandebian/linux< linux 6.1.55-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

Kernel Live Patch Security Notice↗2023-11-28

▶

OSV

linux-nvidia-6.2 vulnerabilities↗2023-10-31

▶

OSV

linux vulnerabilities↗2023-10-30

▶

OSV

linux-iot, linux-raspi, linux-raspi-5.4 vulnerabilities↗2023-10-30

▶

OSV

linux-oracle-5.15 vulnerabilities↗2023-10-26

▶

📋Vendor Advisories

Ubuntu

Kernel Live Patch Security Notice↗2023-11-28

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2023-10-31

▶

Ubuntu

Linux kernel vulnerabilities↗2023-10-30

▶

Ubuntu

Linux kernel vulnerabilities↗2023-10-30

▶

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2023-10-26

▶

💬Community

Bugzilla

CVE-2023-42752 kernel: integer overflow in igmpv3_newpack leading to exploitable memory access↗2023-09-20

▶