{"api_version":"1","generated_at":"2026-04-22T23:53:47+00:00","cve":"CVE-2023-42754","urls":{"html":"https://cve.report/CVE-2023-42754","api":"https://cve.report/api/cve/CVE-2023-42754.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-42754","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-42754"},"summary":{"title":"CVE-2023-42754","description":"A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-10-05 19:15:00","updated_at":"2023-11-07 04:21:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-42754","name":"https://access.redhat.com/security/cve/CVE-2023-42754","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://seclists.org/oss-sec/2023/q4/14","name":"https://seclists.org/oss-sec/2023/q4/14","refsource":"MISC","tags":[],"title":"oss-sec: [CVE-2023-42754] null pointer dereference in Linux kernel ipv4 stack","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: kernel-6.5.6-200.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239845","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2239845","refsource":"MISC","tags":[],"title":"2239845 – (CVE-2023-42754) CVE-2023-42754 kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unreach()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: kernel-6.5.6-100.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 39 Update: kernel-6.5.6-300.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-42754","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42754","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"39","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42754","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-42754","qid":"199881","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6461-1)"},{"cve":"CVE-2023-42754","qid":"199936","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6494-1)"},{"cve":"CVE-2023-42754","qid":"199970","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6494-2)"},{"cve":"CVE-2023-42754","qid":"199976","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-1)"},{"cve":"CVE-2023-42754","qid":"199979","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6532-1)"},{"cve":"CVE-2023-42754","qid":"199980","title":"Ubuntu Security Notification for Linux kernel Vulnerability (USN-6536-1)"},{"cve":"CVE-2023-42754","qid":"199982","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerability (USN-6537-1)"},{"cve":"CVE-2023-42754","qid":"199996","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6549-1)"},{"cve":"CVE-2023-42754","qid":"199997","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6548-1)"},{"cve":"CVE-2023-42754","qid":"199999","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6548-2)"},{"cve":"CVE-2023-42754","qid":"200002","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-2)"},{"cve":"CVE-2023-42754","qid":"200003","title":"Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-6549-2)"},{"cve":"CVE-2023-42754","qid":"200006","title":"Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6548-3)"},{"cve":"CVE-2023-42754","qid":"200007","title":"Ubuntu Security Notification for Linux kernel (Low Latency) Vulnerabilities (USN-6549-3)"},{"cve":"CVE-2023-42754","qid":"200010","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-3)"},{"cve":"CVE-2023-42754","qid":"200024","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6549-4)"},{"cve":"CVE-2023-42754","qid":"200035","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6549-5)"},{"cve":"CVE-2023-42754","qid":"200037","title":"Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6548-5)"},{"cve":"CVE-2023-42754","qid":"200113","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6635-1)"},{"cve":"CVE-2023-42754","qid":"284598","title":"Fedora Security Update for kernel (FEDORA-2023-50bd7c9c12)"},{"cve":"CVE-2023-42754","qid":"284599","title":"Fedora Security Update for kernel (FEDORA-2023-830d9ec624)"},{"cve":"CVE-2023-42754","qid":"285211","title":"Fedora Security Update for kernel (FEDORA-2023-c3bb819677)"},{"cve":"CVE-2023-42754","qid":"356530","title":"Amazon Linux Security Advisory for kernel : ALAS2023-2023-385"},{"cve":"CVE-2023-42754","qid":"356562","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-055"},{"cve":"CVE-2023-42754","qid":"356569","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-028"},{"cve":"CVE-2023-42754","qid":"356612","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-042"},{"cve":"CVE-2023-42754","qid":"379043","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)"},{"cve":"CVE-2023-42754","qid":"6000429","title":"Debian Security Update for linux (DLA 3710-1)"},{"cve":"CVE-2023-42754","qid":"6140258","title":"AWS Bottlerocket Security Update for kernel (GHSA-88vc-qqhp-5j29)"},{"cve":"CVE-2023-42754","qid":"6140310","title":"AWS Bottlerocket Security Update for kernel (GHSA-f87x-mhxq-hfcc)"},{"cve":"CVE-2023-42754","qid":"673534","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1086)"},{"cve":"CVE-2023-42754","qid":"673563","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1144)"},{"cve":"CVE-2023-42754","qid":"673595","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3247)"},{"cve":"CVE-2023-42754","qid":"673644","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3336)"},{"cve":"CVE-2023-42754","qid":"673692","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3275)"},{"cve":"CVE-2023-42754","qid":"673923","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1062)"},{"cve":"CVE-2023-42754","qid":"673995","title":"EulerOS Security Update for kernel (EulerOS-SA-2024-1275)"},{"cve":"CVE-2023-42754","qid":"674042","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3304)"},{"cve":"CVE-2023-42754","qid":"755059","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4035-1)"},{"cve":"CVE-2023-42754","qid":"755060","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4031-1)"},{"cve":"CVE-2023-42754","qid":"755063","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4032-1)"},{"cve":"CVE-2023-42754","qid":"755082","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4058-1)"},{"cve":"CVE-2023-42754","qid":"755083","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4057-1)"},{"cve":"CVE-2023-42754","qid":"755085","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4072-1)"},{"cve":"CVE-2023-42754","qid":"755086","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4071-1)"},{"cve":"CVE-2023-42754","qid":"755096","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4093-1)"},{"cve":"CVE-2023-42754","qid":"755229","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4072-2)"},{"cve":"CVE-2023-42754","qid":"755235","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4377-1)"},{"cve":"CVE-2023-42754","qid":"755564","title":"SUSE Security Update for the linux kernel (SUSE-SU-2023:4348-1)"},{"cve":"CVE-2023-42754","qid":"755565","title":"SUSE Security Update for the linux kernel (SUSE-SU-2023:4347-1)"},{"cve":"CVE-2023-42754","qid":"907569","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31271-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-42754","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"NULL Pointer Dereference","cweId":"CWE-476"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"6.6-rc3","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-42754","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-42754"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239845","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2239845"},{"url":"https://seclists.org/oss-sec/2023/q4/14","refsource":"MISC","name":"https://seclists.org/oss-sec/2023/q4/14"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/"}]},"work_around":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-05 19:15:00","lastModifiedDate":"2023-11-07 04:21:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}