CVE-2023-1390
Published on: Not Yet Published
Last Modified on: 06/07/2023 12:46:00 PM UTC
Certain versions of the Linux kernel contain the following vulnerability:
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer causes the system's CPU utilization to instantly spike to 100%, resulting in a denial of service condition.
- CVE-2023-1390 has been assigned by seca[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.5 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVE References
Description | Tags | Link |
---|---|---|
CVE-2023-1390 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security | | security.netapp.com text/html |
tipc_analysis.md · GitHub | | gist.github.com text/html |
tipc: fix NULL deref in tipc_link_xmit() · torvalds/linux@b774134 · GitHub | | github.com text/html |
remy????: "Ever seen a network protocol polyglot? Let me sha…" - Infosec Exchange | | infosec.exchange text/html |
Related QID Numbers
- 181692 Debian Security Update for linux (CVE-2023-1390)
- 199572 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6045-1)
- 241610 Red Hat Update for kernel (RHSA-2023:3190)
- 241629 Red Hat Update for kpatch-patch (RHSA-2023:3191)
- 241825 Red Hat Update for kpatch-patch (RHSA-2023:4146)
- 241831 Red Hat Update for kernel-rt (RHSA-2023:4126)
- 241832 Red Hat Update for kernel (RHSA-2023:4125)
- 672935 EulerOS Security Update for kernel (EulerOS-SA-2023-1824)
- 673005 EulerOS Security Update for kernel (EulerOS-SA-2023-1873)
- 753901 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1803-1)
- 753902 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1800-1)
- 753903 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1801-1)
- 753905 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1811-1)
- 753914 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1848-1)
- 754023 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2232-1)
- 906743 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (25683-1)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Linux | Linux Kernel | All | All | All | All |
Operating System | Linux | Linux Kernel | 5.11 | rc1 | All | All |
Operating System | Linux | Linux Kernel | 5.11 | rc2 | All | All |
Operating System | Linux | Linux Kernel | 5.11 | rc3 | All | All |
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.11:rc1:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.11:rc2:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.11:rc3:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
 | CVE-2023-1390 : A remote denial of service vulnerability was found in the #Linux #kernel’s TIPC kernel module. The… twitter.com/i/web/status/1… | 2023-03-16 21:03:57 |