CVE-2023-42756

Published: Sep 28, 2023Modified: Nov 21, 2024

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

Affected (8)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux · Debian: Debian Linux · +1 more

Show all products

Linux: Linux Kernel · Redhat: Enterprise Linux · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

Enterprise Linux

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 6.6
Linux Linux Kernel	Version 6.6 rc1
Linux Linux Kernel	Version 6.6 rc2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 9.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38
Fedoraproject Fedora	Version 39

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (12)

https://access.redhat.com/errata/RHSA-2024:2394

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-42756

Source: secalert@redhat.com

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2239848

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

https://seclists.org/oss-sec/2023/q3/242

Source: secalert@redhat.com

ExploitMailing ListPatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2024:2394

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2023-42756

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2239848

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/oss-sec/2023/q3/242

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListPatchThird Party Advisory

Timeline

No history available yet.