CVE-2023-42754

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 3

Advisories 47

NVD Status Modified

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
NVD Status: Modified
CNA: Red Hat, Inc.
Published Date: 2023-10-05 19:15:11
(11 months ago)
Updated Date: 2024-09-13 19:15:15
(2 days ago)

Affected Products

Configuration #1

	CPE23	Up To
Linux Kernel prior 6.6 version	cpe:2.3:o:linux:linux_kernel	< 6.6
Linux Kernel 6.6 Rc1	cpe:2.3:o:linux:linux_kernel:6.6:rc1
Linux Kernel 6.6 Rc2	cpe:2.3:o:linux:linux_kernel:6.6:rc2

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 37	cpe:2.3:o:fedoraproject:fedora:37
	Fedoraproject Fedora 38	cpe:2.3:o:fedoraproject:fedora:38
	Fedoraproject Fedora 39	cpe:2.3:o:fedoraproject:fedora:39

Weaknesses

Affected Products

Fedoraproject

Linux

Redhat

Configuration #1

Configuration #2

Configuration #3