-

CVE-2023-53333

EPSS 0.03%
Veröffentlicht 16.09.2025 16:12:08
Zuletzt bearbeitet 17.09.2025 14:18:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one

Eric Dumazet says:
  nf_conntrack_dccp_packet() has an unique:

  dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);

  And nothing more is 'pulled' from the packet, depending on the content.
  dh->dccph_doff, and/or dh->dccph_x ...)
  So dccp_ack_seq() is happily reading stuff past the _dh buffer.

BUG: KASAN: stack-out-of-bounds in nf_conntrack_dccp_packet+0x1134/0x11c0
Read of size 4 at addr ffff000128f66e0c by task syz-executor.2/29371
[..]

Fix this by increasing the stack buffer to also include room for
the extra sequence numbers and all the known dccp packet type headers,
then pull again after the initial validation of the basic header.

While at it, mark packets invalid that lack 48bit sequence bit but
where RFC says the type MUST use them.

Compile tested only.

v2: first skb_header_pointer() now needs to adjust the size to
    only pull the generic header. (Eric)

Heads-up: I intend to remove dccp conntrack support later this year.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 337fdce450637ea663bc816edc2ba81e5cdad02e

Version 2bc780499aa33311ec0f3e42624dfaa7be0ade5e

Status affected

Version < 9bdcda7abaf22f6453e5b5efb7eb4e524095d5d8

Version 2bc780499aa33311ec0f3e42624dfaa7be0ade5e

Status affected

Version < c052797ac36813419ad3bfa54cb8615db4b41f15

Version 2bc780499aa33311ec0f3e42624dfaa7be0ade5e

Status affected

Version < 5c618daa5038712c4a4ef8923905a2ea1b8836a1

Version 2bc780499aa33311ec0f3e42624dfaa7be0ade5e

Status affected

Version < 26bd1f210d3783a691052c51d76bb8a8bbd24c67

Version 2bc780499aa33311ec0f3e42624dfaa7be0ade5e

Status affected

Version < 8c0980493beed3a80d6329c44ab293dc8c032927

Version 2bc780499aa33311ec0f3e42624dfaa7be0ade5e

Status affected

Version < ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30

Version 2bc780499aa33311ec0f3e42624dfaa7be0ade5e

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.26

Status affected

Version < 2.6.26

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.251

Status unaffected

Version <= 5.10.*

Version 5.10.188

Status unaffected

Version <= 5.15.*

Version 5.15.121

Status unaffected

Version <= 6.1.*

Version 6.1.39

Status unaffected

Version <= 6.3.*

Version 6.3.13

Status unaffected

Version <= 6.4.*

Version 6.4.4

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/337fdce450637ea663bc816edc2ba81e5cdad02e

https://git.kernel.org/stable/c/9bdcda7abaf22f6453e5b5efb7eb4e524095d5d8

https://git.kernel.org/stable/c/c052797ac36813419ad3bfa54cb8615db4b41f15

https://git.kernel.org/stable/c/5c618daa5038712c4a4ef8923905a2ea1b8836a1

https://git.kernel.org/stable/c/26bd1f210d3783a691052c51d76bb8a8bbd24c67

https://git.kernel.org/stable/c/8c0980493beed3a80d6329c44ab293dc8c032927

https://git.kernel.org/stable/c/ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30

https://nvd.nist.gov/vuln/detail/CVE-2023-53333

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53333

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53333

EUVD