{"api_version":"1","generated_at":"2026-05-13T07:40:33+00:00","cve":"CVE-2023-42755","urls":{"html":"https://cve.report/CVE-2023-42755","api":"https://cve.report/api/cve/CVE-2023-42755.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-42755","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-42755"},"summary":{"title":"CVE-2023-42755","description":"A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-10-05 19:15:00","updated_at":"2023-11-07 04:21:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","name":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3623-1] linux-5.10 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://seclists.org/oss-sec/2023/q3/229","name":"https://seclists.org/oss-sec/2023/q3/229","refsource":"MISC","tags":[],"title":"oss-sec: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-42755","name":"https://access.redhat.com/security/cve/CVE-2023-42755","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239847","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2239847","refsource":"MISC","tags":[],"title":"2239847 – (CVE-2023-42755, ZDI-CAN-18387) CVE-2023-42755 kernel: rsvp: out-of-bounds read in rsvp_classify()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-42755","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42755","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"42755","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42755","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42755","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-42755","qid":"199841","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6444-1)"},{"cve":"CVE-2023-42755","qid":"199842","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6440-1)"},{"cve":"CVE-2023-42755","qid":"199843","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6439-1)"},{"cve":"CVE-2023-42755","qid":"199844","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-1)"},{"cve":"CVE-2023-42755","qid":"199845","title":"Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6442-1)"},{"cve":"CVE-2023-42755","qid":"199846","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6441-1)"},{"cve":"CVE-2023-42755","qid":"199847","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6443-1)"},{"cve":"CVE-2023-42755","qid":"199848","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6446-1)"},{"cve":"CVE-2023-42755","qid":"199849","title":"Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6440-2)"},{"cve":"CVE-2023-42755","qid":"199854","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6441-2)"},{"cve":"CVE-2023-42755","qid":"199855","title":"Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6439-2)"},{"cve":"CVE-2023-42755","qid":"199858","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-2)"},{"cve":"CVE-2023-42755","qid":"199859","title":"Ubuntu Security Notification for Linux kernel (StarFive) Vulnerabilities (USN-6444-2)"},{"cve":"CVE-2023-42755","qid":"199861","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6446-2)"},{"cve":"CVE-2023-42755","qid":"199864","title":"Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-6440-3)"},{"cve":"CVE-2023-42755","qid":"199868","title":"Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6446-3)"},{"cve":"CVE-2023-42755","qid":"199872","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6441-3)"},{"cve":"CVE-2023-42755","qid":"199874","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6460-1)"},{"cve":"CVE-2023-42755","qid":"199883","title":"Ubuntu Security Notification for Linux kernel (NVIDIA) Vulnerabilities (USN-6466-1)"},{"cve":"CVE-2023-42755","qid":"356357","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-1838"},{"cve":"CVE-2023-42755","qid":"356371","title":"Amazon Linux Security Advisory for kernel : ALAS2023-2023-356"},{"cve":"CVE-2023-42755","qid":"356469","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-041"},{"cve":"CVE-2023-42755","qid":"379043","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)"},{"cve":"CVE-2023-42755","qid":"379435","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2024:0012)"},{"cve":"CVE-2023-42755","qid":"6000265","title":"Debian Security Update for linux-5.10 (DLA 3623-1)"},{"cve":"CVE-2023-42755","qid":"6000429","title":"Debian Security Update for linux (DLA 3710-1)"},{"cve":"CVE-2023-42755","qid":"6140221","title":"AWS Bottlerocket Security Update for kernel (GHSA-6w3c-v8fq-96cp)"},{"cve":"CVE-2023-42755","qid":"907466","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31269)"},{"cve":"CVE-2023-42755","qid":"907534","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31269-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-42755","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Out-of-bounds Read","cweId":"CWE-125"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"6.3-rc1","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-42755","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-42755"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239847","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2239847"},{"url":"https://seclists.org/oss-sec/2023/q3/229","refsource":"MISC","name":"https://seclists.org/oss-sec/2023/q3/229"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}]},"work_around":[{"lang":"en","value":"This flaw can be mitigated by preventing the affected `cls_rsvp` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-05 19:15:00","lastModifiedDate":"2023-11-07 04:21:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}