7.5

CVE-2023-1390

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.3 < 4.9.253
LinuxLinux Kernel Version >= 4.10 < 4.14.217
LinuxLinux Kernel Version >= 4.15 < 4.19.170
LinuxLinux Kernel Version >= 4.20 < 5.4.92
LinuxLinux Kernel Version >= 5.5 < 5.10.10
LinuxLinux Kernel Version5.11 Updaterc1
LinuxLinux Kernel Version5.11 Updaterc2
LinuxLinux Kernel Version5.11 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.1% 0.913
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1050 Excessive Platform Resource Consumption within a Loop

The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.

https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
Third Party Advisory
https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6
Patch
Vendor Advisory
https://infosec.exchange/%40_mattata/109427999461122360
https://security.netapp.com/advisory/ntap-20230420-0001/
Third Party Advisory