CVE-2023-42756: Race Condition in Kernel

CWE-362 Race Condition | 41 documents | 9 sources
Severity
4.7 MEDIUM (NVD)
CNA 4.4 | OSV 7.8 | OSV 7.0 | OSV 5.7 | OSV 5.5
EPSS
0.0%
top 99.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 28
Latest update: Nov 14

Description

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (3 packages)

NVD: linux/linux_kernel < 6.6 (+1)
Debian: linux/linux_kernel < 5.10.197-1 (+3)
Ubuntu: linux/linux_kernel < 5.4.0-165.182 (+2)

Also affects: Debian Linux 10.0, Enterprise Linux 9.0, Fedora 37, 38, 39

Patches

🔴 Vulnerability Details (21)

OSV: linux-oem-6.5 vulnerabilities (2023-11-14)
OSV: linux-starfive vulnerabilities (2023-11-01)
OSV: linux-laptop vulnerabilities (2023-10-31)
OSV: linux-nvidia-6.2 vulnerabilities (2023-10-31)
OSV: linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi vulnerabilities (2023-10-30)

📋 Vendor Advisories (18)

Ubuntu: Linux kernel (OEM) vulnerabilities (2023-11-14)
Ubuntu: Linux kernel (StarFive) vulnerabilities (2023-11-01)
Ubuntu: Linux kernel (ARM laptop) vulnerabilities (2023-10-31)
Ubuntu: Linux kernel (NVIDIA) vulnerabilities (2023-10-31)
Ubuntu: Linux kernel vulnerabilities (2023-10-30)

💬 Community (1)

Bugzilla: CVE-2023-42756 kernel: netfilter: race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP (2023-09-20)