CVE-2023-42755 — Out-of-bounds Read in Kernel

CWE-125 — Out-of-bounds Read26 documents9 sources

Severity

5.5MEDIUMNVD

CNA6.5

EPSS

0.0%

top 99.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedOct 5

Latest updateOct 31

Description

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlinux/linux_kernel< 6.3

▶Debianlinux/linux_kernel< 5.10.197-1+3

Also affects: Debian Linux 10.0, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: seclists.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

linux-oem-6.1 vulnerabilities↗2023-10-19

▶

CVEList

Kernel: rsvp: out-of-bounds read in rsvp_classify()↗2023-10-05

▶

OSV

CVE-2023-42755: A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel↗2023-10-05

▶

GHSA

GHSA-qhrq-6m4q-9x2x: A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel↗2023-10-05

▶

📋Vendor Advisories

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2023-10-31

▶

Ubuntu

Linux kernel vulnerabilities↗2023-10-30

▶

Ubuntu

Linux kernel vulnerabilities↗2023-10-30

▶

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2023-10-26

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2023-10-25

▶

💬Community

Bugzilla

CVE-2023-42755 kernel: rsvp: out-of-bounds read in rsvp_classify()↗2023-09-20

▶