Lucene search
RedhatCVELIST:CVE-2023-42754HistoryOct 05, 2023 - 6:25 p.m.
CVE-2023-42754 Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach()
2023-10-0518:25:22
CWE-476
redhat
www.cve.org
2
cve-2023-42754
kernel vulnerability
null pointer dereference
local user privilege
cap_net_admin privileges
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-553.rt7.342.el8_10",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-553.el8_10",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-427.13.1.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-427.13.1.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
}
]References
access.redhat.com/errata/RHSA-2024:2394
access.redhat.com/errata/RHSA-2024:2950
access.redhat.com/errata/RHSA-2024:3138
access.redhat.com/security/cve/CVE-2023-42754
bugzilla.redhat.com/show_bug.cgi?id=2239845
lists.debian.org/debian-lts-announce/2024/01/msg00004.html
lists.fedoraproject.org/archives/list/[email protected]/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
lists.fedoraproject.org/archives/list/[email protected]/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
lists.fedoraproject.org/archives/list/[email protected]/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/
seclists.org/oss-sec/2023/q4/14
Related
cbl_mariner
cbl_mariner
CVE-2023-42754 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
nvd
nvd
CVE-2023-42754
2023-10-05 19:15:11
ubuntucve
ubuntucve
CVE-2023-42754
2023-10-05 00:00:00
prion
prion
Null pointer dereference
2023-10-05 19:15:00
redhatcve
redhatcve
CVE-2023-42754
2023-10-05 10:54:28
debiancve
debiancve
CVE-2023-42754
2023-10-05 19:15:11
cve
cve
CVE-2023-42754
2023-10-05 19:15:11
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2023-c3bb819677)
2023-10-10 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2023-50bd7c9c12)
2023-10-11 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2023-830d9ec624)
2023-10-11 00:00:00
nessus
nessus
Fedora 37 : kernel (2023-50bd7c9c12)
2023-10-10 00:00:00
Fedora 39 : kernel (2023-c3bb819677)
2023-11-07 00:00:00
Fedora 38 : kernel (2023-830d9ec624)
2023-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: kernel-6.5.6-100.fc37
2023-10-10 01:33:41
[SECURITY] Fedora 38 Update: kernel-6.5.6-200.fc38
2023-10-10 01:36:33
[SECURITY] Fedora 39 Update: kernel-6.5.6-300.fc39
2023-10-09 22:27:11
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0107
2023-10-05 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0661
2023-10-05 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0483
2023-10-05 00:00:00
amazon
amazon
Important: kernel
2023-11-10 17:32:00
Medium: kernel
2023-10-30 23:59:00
ubuntu
ubuntu
Linux kernel (Azure) vulnerabilities
2024-01-09 00:00:00
Linux kernel vulnerabilities
2023-12-06 00:00:00
Linux kernel (OEM) vulnerabilities
2023-10-31 00:00:00
osv
osv
linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities
2023-12-06 13:34:16
linux-azure vulnerabilities
2024-01-09 18:30:25
linux-oem-6.1 vulnerabilities
2023-10-31 12:51:27
mageia
mageia
Updated kernel packages fix security vulnerabilities
2023-10-23 00:04:51
Updated kernel-linus packages fix security vulnerabilities
2023-10-23 00:04:51
ibm
ibm
debian
debian
[SECURITY] [DLA 3710-1] linux security update
2024-01-11 18:20:04
rocky
rocky
kernel-rt security and bug fix update
2024-06-14 13:59:36
kernel security, bug fix, and enhancement update
2024-06-14 13:59:16
redhat
redhat
(RHSA-2024:3138) Moderate: kernel security, bug fix, and enhancement update
2024-05-22 06:35:43
(RHSA-2024:2950) Moderate: kernel-rt security and bug fix update
2024-05-22 06:35:10
(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update
2024-04-30 06:15:35
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2024-05-23 00:00:00
kernel security, bug fix, and enhancement update
2024-05-02 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-11-21 21:37:49
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVELIST:CVE-2023-42754