CVE-2023-52340Uncontrolled Resource Consumption in Kernel

CWE-400Uncontrolled Resource Consumption18 documents9 sources
Severity
7.5HIGHNVD
OSV8.1
EPSS
0.1%
top 75.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.147.1-1 ON CBL Mariner 2.0+3 more
Timeline
PublishedJul 5
Latest updateAug 14

Description

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

Debianlinux/linux_kernel< 5.10.209-1+3
Ubuntulinux/linux_kernel< 5.4.0-176.196+1
debiandebian/linux< linux 6.1.76-1 (bookworm)

Patches

Patch: cdn.kernel.orgPatch: git.kernel.orgPatch: cdn.kernel.org

🔴Vulnerability Details

7
GHSA
GHSA-7q4j-f74f-6h5j: The IPv6 implementation in the Linux kernel before 62024-07-05
OSV
CVE-2023-52340: The IPv6 implementation in the Linux kernel before 62024-07-05
OSV
linux-xilinx-zynqmp vulnerabilities2024-04-17
OSV
linux-iot vulnerabilities2024-04-16
OSV
linux-aws, linux-aws-5.15 vulnerabilities2024-04-16

📋Vendor Advisories

9
CISA ICS
Siemens SINEC OS2025-08-14
Microsoft
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily e.g. leading to a denial of service (network is unreachable errors) when IP2024-07-09
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2024-04-17
Ubuntu
Linux kernel (IoT) vulnerabilities2024-04-16
Ubuntu
Linux kernel (AWS) vulnerabilities2024-04-16

💬Community

1
Bugzilla
CVE-2023-52340 kernel: ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU2024-01-11