CVE-2023-42754: NULL Pointer Dereference in Kernel

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 98.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 5; Latest update Feb 14

Description

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: linux/linux_kernel < 6.6 (+1)
Debian: linux/linux_kernel < 5.10.197-1 (+3)

Also affects: Enterprise Linux 8.0, 9.0, Fedora 37, 38, 39

Patches

🔴 Vulnerability Details (5)

OSV: linux-azure vulnerabilities (2024-01-09)
OSV: linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities (2023-12-06)
GHSA: GHSA-7h73-9whc-fg4g: A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack (2023-10-05)
CVEList: Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach() (2023-10-05)
OSV: CVE-2023-42754: A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack (2023-10-05)

📋 Vendor Advisories (22)

Ubuntu: Linux kernel (GCP) vulnerabilities (2024-02-14)
Ubuntu: Linux kernel vulnerabilities (2024-01-10)
Ubuntu: Linux kernel (IoT) vulnerabilities (2024-01-10)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-01-09)
Ubuntu: Linux kernel (GKE) vulnerabilities (2024-01-09)

💬 Community (1)

Bugzilla: CVE-2023-42754 kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unreach() (2023-09-20)