exploitDog

CVE-2023-1390

Опубликовано: 16 мар. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

Ссылки

https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
Third Party Advisory
https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6
Patch
Vendor Advisory
https://infosec.exchange/%40_mattata/109427999461122360
https://security.netapp.com/advisory/ntap-20230420-0001/
Third Party Advisory
https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
Third Party Advisory
https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6
Patch
Vendor Advisory
https://infosec.exchange/%40_mattata/109427999461122360
https://security.netapp.com/advisory/ntap-20230420-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.3 (включая) до 4.9.253 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.14.217 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.170 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.92 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.10 (исключая)

cpe:2.3:o:linux:linux_kernel:5.11:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.11:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.11:rc3:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00683

Низкий

7.5 High

CVSS3

Дефекты

CWE-1050

NVD-CWE-Other

Связанные уязвимости

CVE-2023-1390

CVSS3: 7.5

ubuntu

почти 3 года назад

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

CVE-2023-1390

CVSS3: 7.5

redhat

около 5 лет назад

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

CVE-2023-1390

CVSS3: 7.5

msrc

почти 3 года назад

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100% causing a denial of service condition.

CVE-2023-1390

CVSS3: 7.5

debian

почти 3 года назад

A remote denial of service vulnerability was found in the Linux kernel ...

GHSA-875q-9h9j-qhmh

CVSS3: 7.5

github

больше 2 лет назад

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

EPSS

Процентиль: 71%

0.00683

Низкий

7.5 High

CVSS3

Дефекты

CWE-1050

NVD-CWE-Other