{"api_version":"1","generated_at":"2026-04-22T23:53:45+00:00","cve":"CVE-2023-42753","urls":{"html":"https://cve.report/CVE-2023-42753","api":"https://cve.report/api/cve/CVE-2023-42753.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-42753","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-42753"},"summary":{"title":"CVE-2023-42753","description":"An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-09-25 21:15:00","updated_at":"2024-01-30 16:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:0402","name":"RHSA-2024:0402","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/oss-sec/2023/q3/216","name":"https://seclists.org/oss-sec/2023/q3/216","refsource":"MISC","tags":[],"title":"oss-sec: [CVE-2023-42753] Array Indexing error in Linux kernel","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0563","name":"RHSA-2024:0563","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7411","name":"RHSA-2023:7411","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","name":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3623-1] linux-5.10 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0378","name":"RHSA-2024:0378","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0593","name":"RHSA-2024:0593","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7418","name":"RHSA-2023:7418","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2023/09/22/10","name":"https://www.openwall.com/lists/oss-security/2023/09/22/10","refsource":"MISC","tags":[],"title":"oss-security - [CVE-2023-42753] Array Indexing error in Linux kernel","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0134","name":"RHSA-2024:0134","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0089","name":"RHSA-2024:0089","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0113","name":"RHSA-2024:0113","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html","name":"http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html","refsource":"","tags":[],"title":"Kernel Live Patch Security Notice LSN-0099-1 ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0347","name":"RHSA-2024:0347","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7558","name":"RHSA-2023:7558","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html","name":"https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0371","name":"RHSA-2024:0371","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0412","name":"RHSA-2024:0412","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0403","name":"RHSA-2024:0403","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7539","name":"RHSA-2023:7539","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2023-42753","name":"https://access.redhat.com/security/cve/CVE-2023-42753","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0562","name":"RHSA-2024:0562","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7379","name":"RHSA-2023:7379","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7382","name":"RHSA-2023:7382","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0340","name":"RHSA-2024:0340","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0376","name":"RHSA-2024:0376","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0346","name":"RHSA-2024:0346","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7370","name":"RHSA-2023:7370","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7389","name":"RHSA-2023:7389","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2024:0461","name":"RHSA-2024:0461","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239843","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2239843","refsource":"MISC","tags":[],"title":"2239843 – (CVE-2023-42753) CVE-2023-42753 kernel: netfilter: potential slab-out-of-bound access due to integer underflow","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-42753","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42753","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"42753","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42753","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42753","vulnerable":"1","versionEndIncluding":"6.5","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42753","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42753","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42753","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-42753","qid":"160938","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12824)"},{"cve":"CVE-2023-42753","qid":"160939","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12826)"},{"cve":"CVE-2023-42753","qid":"160942","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12825)"},{"cve":"CVE-2023-42753","qid":"160963","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12858)"},{"cve":"CVE-2023-42753","qid":"160977","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12875)"},{"cve":"CVE-2023-42753","qid":"160978","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12874)"},{"cve":"CVE-2023-42753","qid":"160982","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12911)"},{"cve":"CVE-2023-42753","qid":"160985","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12910)"},{"cve":"CVE-2023-42753","qid":"160989","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12915)"},{"cve":"CVE-2023-42753","qid":"160991","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12914)"},{"cve":"CVE-2023-42753","qid":"161277","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2024-12069)"},{"cve":"CVE-2023-42753","qid":"161318","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2024-12094)"},{"cve":"CVE-2023-42753","qid":"161377","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2024-0346)"},{"cve":"CVE-2023-42753","qid":"161404","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2024-0461)"},{"cve":"CVE-2023-42753","qid":"199803","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6415-1)"},{"cve":"CVE-2023-42753","qid":"199841","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6444-1)"},{"cve":"CVE-2023-42753","qid":"199842","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6440-1)"},{"cve":"CVE-2023-42753","qid":"199843","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6439-1)"},{"cve":"CVE-2023-42753","qid":"199844","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-1)"},{"cve":"CVE-2023-42753","qid":"199845","title":"Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6442-1)"},{"cve":"CVE-2023-42753","qid":"199846","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6441-1)"},{"cve":"CVE-2023-42753","qid":"199848","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6446-1)"},{"cve":"CVE-2023-42753","qid":"199849","title":"Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6440-2)"},{"cve":"CVE-2023-42753","qid":"199854","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6441-2)"},{"cve":"CVE-2023-42753","qid":"199855","title":"Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6439-2)"},{"cve":"CVE-2023-42753","qid":"199858","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-2)"},{"cve":"CVE-2023-42753","qid":"199859","title":"Ubuntu Security Notification for Linux kernel (StarFive) Vulnerabilities (USN-6444-2)"},{"cve":"CVE-2023-42753","qid":"199861","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6446-2)"},{"cve":"CVE-2023-42753","qid":"199864","title":"Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-6440-3)"},{"cve":"CVE-2023-42753","qid":"199868","title":"Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6446-3)"},{"cve":"CVE-2023-42753","qid":"199872","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6441-3)"},{"cve":"CVE-2023-42753","qid":"199883","title":"Ubuntu Security Notification for Linux kernel (NVIDIA) Vulnerabilities (USN-6466-1)"},{"cve":"CVE-2023-42753","qid":"242481","title":"Red Hat Update for kernel (RHSA-2023:7382)"},{"cve":"CVE-2023-42753","qid":"242482","title":"Red Hat Update for kernel-rt (RHSA-2023:7379)"},{"cve":"CVE-2023-42753","qid":"242483","title":"Red Hat Update for kernel-rt (RHSA-2023:7389)"},{"cve":"CVE-2023-42753","qid":"242489","title":"Red Hat Update for kpatch-patch (RHSA-2023:7411)"},{"cve":"CVE-2023-42753","qid":"242497","title":"Red Hat Update for kpatch-patch (RHSA-2023:7418)"},{"cve":"CVE-2023-42753","qid":"242518","title":"Red Hat Update for kpatch-patch (RHSA-2023:7558)"},{"cve":"CVE-2023-42753","qid":"242521","title":"Red Hat Update for kernel security (RHSA-2023:7539)"},{"cve":"CVE-2023-42753","qid":"242612","title":"Red Hat Update for kernel security (RHSA-2023:7370)"},{"cve":"CVE-2023-42753","qid":"242727","title":"Red Hat Update for kpatch-patch (RHSA-2024:0340)"},{"cve":"CVE-2023-42753","qid":"242728","title":"Red Hat Update for kpatch-patch (RHSA-2024:0378)"},{"cve":"CVE-2023-42753","qid":"242729","title":"Red Hat Update for kernel (RHSA-2024:0346)"},{"cve":"CVE-2023-42753","qid":"242731","title":"Red Hat Update for kpatch-patch (RHSA-2024:0376)"},{"cve":"CVE-2023-42753","qid":"242733","title":"Red Hat Update for kpatch-patch (RHSA-2024:0371)"},{"cve":"CVE-2023-42753","qid":"242762","title":"Red Hat Update for kernel (RHSA-2024:0403)"},{"cve":"CVE-2023-42753","qid":"242785","title":"Red Hat Update for kpatch-patch (RHSA-2024:0593)"},{"cve":"CVE-2023-42753","qid":"242830","title":"Red Hat Update for kernel-rt (RHSA-2024:0563)"},{"cve":"CVE-2023-42753","qid":"242831","title":"Red Hat Update for kernel (RHSA-2024:0562)"},{"cve":"CVE-2023-42753","qid":"242839","title":"Red Hat Update for kernel (RHSA-2024:0461)"},{"cve":"CVE-2023-42753","qid":"242855","title":"Red Hat Update for kernel (RHSA-2024:0412)"},{"cve":"CVE-2023-42753","qid":"242862","title":"Red Hat Update for kernel-rt (RHSA-2024:0402)"},{"cve":"CVE-2023-42753","qid":"242864","title":"Red Hat Update for kernel-rt (RHSA-2024:0347)"},{"cve":"CVE-2023-42753","qid":"257299","title":"CentOS Security Update for kernel (CESA-2024:0346)"},{"cve":"CVE-2023-42753","qid":"356357","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-1838"},{"cve":"CVE-2023-42753","qid":"356572","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-040"},{"cve":"CVE-2023-42753","qid":"356606","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-053"},{"cve":"CVE-2023-42753","qid":"379043","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)"},{"cve":"CVE-2023-42753","qid":"6000265","title":"Debian Security Update for linux-5.10 (DLA 3623-1)"},{"cve":"CVE-2023-42753","qid":"6000429","title":"Debian Security Update for linux (DLA 3710-1)"},{"cve":"CVE-2023-42753","qid":"6140024","title":"AWS Bottlerocket Security Update for kernel (GHSA-f72p-76xv-4992)"},{"cve":"CVE-2023-42753","qid":"6140102","title":"AWS Bottlerocket Security Update for kernel (GHSA-f72p-76xv-4992)"},{"cve":"CVE-2023-42753","qid":"673406","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3182)"},{"cve":"CVE-2023-42753","qid":"673595","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3247)"},{"cve":"CVE-2023-42753","qid":"673644","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3336)"},{"cve":"CVE-2023-42753","qid":"673692","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3275)"},{"cve":"CVE-2023-42753","qid":"673848","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3217)"},{"cve":"CVE-2023-42753","qid":"673995","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1275)"},{"cve":"CVE-2023-42753","qid":"674042","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3304)"},{"cve":"CVE-2023-42753","qid":"755059","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4035-1)"},{"cve":"CVE-2023-42753","qid":"755061","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4030-1)"},{"cve":"CVE-2023-42753","qid":"755082","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4058-1)"},{"cve":"CVE-2023-42753","qid":"755083","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4057-1)"},{"cve":"CVE-2023-42753","qid":"755085","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4072-1)"},{"cve":"CVE-2023-42753","qid":"755086","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4071-1)"},{"cve":"CVE-2023-42753","qid":"755096","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4093-1)"},{"cve":"CVE-2023-42753","qid":"755107","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4095-1)"},{"cve":"CVE-2023-42753","qid":"755229","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4072-2)"},{"cve":"CVE-2023-42753","qid":"756098","title":"SUSE Enterprise Linux Security Update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:1181-1)"},{"cve":"CVE-2023-42753","qid":"756100","title":"SUSE Enterprise Linux Security Update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:1183-1)"},{"cve":"CVE-2023-42753","qid":"756111","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 3 for SLE 15 SP5) (SUSE-SU-2024:1236-1)"},{"cve":"CVE-2023-42753","qid":"756113","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 36 for SLE 15 SP3) (SUSE-SU-2024:1246-1)"},{"cve":"CVE-2023-42753","qid":"756115","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:1251-1)"},{"cve":"CVE-2023-42753","qid":"756116","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 35 for SLE 15 SP3) (SUSE-SU-2024:1249-1)"},{"cve":"CVE-2023-42753","qid":"756118","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:1252-1)"},{"cve":"CVE-2023-42753","qid":"756122","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 40 for SLE 15 SP2) (SUSE-SU-2024:1257-1)"},{"cve":"CVE-2023-42753","qid":"907392","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (30054-1)"},{"cve":"CVE-2023-42753","qid":"907427","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (30050)"},{"cve":"CVE-2023-42753","qid":"907590","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (30050-1)"},{"cve":"CVE-2023-42753","qid":"941540","title":"AlmaLinux Security Update for kernel (ALSA-2024:0113)"},{"cve":"CVE-2023-42753","qid":"961107","title":"Rocky Linux Security Update for kernel-rt (RLSA-2024:0134)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-42753","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Out-of-bounds Write","cweId":"CWE-787"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"6.6-rc1","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-42753","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-42753"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239843","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2239843"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"},{"url":"https://seclists.org/oss-sec/2023/q3/216","refsource":"MISC","name":"https://seclists.org/oss-sec/2023/q3/216"},{"url":"https://www.openwall.com/lists/oss-security/2023/09/22/10","refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2023/09/22/10"}]},"work_around":[{"lang":"en","value":"Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-09-25 21:15:00","lastModifiedDate":"2024-01-30 16:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}