CVE-2023-42755

Summary

CVE	CVE-2023-42755
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-10-05 19:15:00 UTC
Updated	2023-11-07 04:21:00 UTC
Description	A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 3623-1] linux-5.10 security update	MISC	lists.debian.org
oss-sec: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2	MISC	seclists.org
cve-details	MISC	access.redhat.com
2239847 – (CVE-2023-42755, ZDI-CAN-18387) CVE-2023-42755 kernel: rsvp: out-of-bounds read in rsvp_classify()	MISC	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

199841 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6444-1)
199842 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6440-1)
199843 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6439-1)
199844 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-1)
199845 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6442-1)
199846 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6441-1)
199847 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6443-1)
199848 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6446-1)
199849 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6440-2)
199854 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6441-2)
199855 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6439-2)
199858 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-2)
199859 Ubuntu Security Notification for Linux kernel (StarFive) Vulnerabilities (USN-6444-2)
199861 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6446-2)
199864 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-6440-3)
199868 Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6446-3)
199872 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6441-3)
199874 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6460-1)
199883 Ubuntu Security Notification for Linux kernel (NVIDIA) Vulnerabilities (USN-6466-1)
356357 Amazon Linux Security Advisory for kernel : ALAS-2023-1838
356371 Amazon Linux Security Advisory for kernel : ALAS2023-2023-356
356469 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-041
379043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)
379435 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2024:0012)
6000265 Debian Security Update for linux-5.10 (DLA 3623-1)
6000429 Debian Security Update for linux (DLA 3710-1)
6140221 AWS Bottlerocket Security Update for kernel (GHSA-6w3c-v8fq-96cp)
907466 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31269)
907534 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31269-1)