CVE-2023-2156

Published: May 9, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

Affected (8)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux · Fedoraproject: Fedora · +1 more

Show all products

Linux: Linux Kernel · Redhat: Enterprise Linux · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

Enterprise Linux

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.11 to 5.15.117
Linux Linux Kernel	From 5.16 to 6.1.34
Linux Linux Kernel	From 5.7 to 5.10.184
Linux Linux Kernel	From 6.2 to 6.2.13
Linux Linux Kernel	From 6.3 to 6.3.8

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 38

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (20)

http://www.openwall.com/lists/oss-security/2023/05/17/8

Source: secalert@redhat.com

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/17/9

Source: secalert@redhat.com

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/18/1

Source: secalert@redhat.com

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/19/1

Source: secalert@redhat.com

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2196292

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20230622-0001/

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.debian.org/security/2023/dsa-5448

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://www.debian.org/security/2023/dsa-5453

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-23-547/

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2023/05/17/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/17/9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/18/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/19/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2196292

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20230622-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.debian.org/security/2023/dsa-5448

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.debian.org/security/2023/dsa-5453

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-23-547/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.