5.5

CVE-2023-42754

Exploit

Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach()

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.6
LinuxLinux Kernel Version6.6 Updaterc1
LinuxLinux Kernel Version6.6 Updaterc2
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
FedoraprojectFedora Version37
FedoraprojectFedora Version38
FedoraprojectFedora Version39
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.326
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://access.redhat.com/errata/RHSA-2024:2394
https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/
https://access.redhat.com/security/cve/CVE-2023-42754
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2239845
Patch
Third Party Advisory
Issue Tracking
https://seclists.org/oss-sec/2023/q4/14
Patch
Third Party Advisory
Exploit
Mailing List