CVE-2023-42755

Опубликовано: 05 окт. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 5.5

EPSS Низкий

Описание

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the rsvp_classify function. This issue may allow a local user to crash the system and cause a denial of service.

Ссылки

https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2023-42755
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2239847
Issue Tracking
Patch
Third Party Advisory
https://seclists.org/oss-sec/2023/q3/229
Exploit
Mailing List
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2023-42755
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2239847
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://seclists.org/oss-sec/2023/q3/229
Exploit
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 6.3 (исключая)

Конфигурация 2

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 0%

0.00007

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-125

Связанные уязвимости

CVE-2023-42755

CVSS3: 6.5

ubuntu

около 2 лет назад

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

CVE-2023-42755

CVSS3: 6.5

redhat

около 2 лет назад

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

CVE-2023-42755

CVSS3: 5.5

msrc

около 2 лет назад

Kernel: rsvp: out-of-bounds read in rsvp_classify()

CVE-2023-42755

CVSS3: 6.5

debian

около 2 лет назад

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) clas ...

GHSA-qhrq-6m4q-9x2x

CVSS3: 6.5

github

около 2 лет назад

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

EPSS

Процентиль: 0%

0.00007

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-125