2175903 – (CVE-2023-1206) CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table

Bug 2175903 (CVE-2023-1206) - CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table

Summary: CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table

Keywords:
Status:	NEW
Alias:	CVE-2023-1206
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2176117 2176118 2176119 2176120 2217240 2233500 2233502
Blocks:	2174096
TreeView+	depends on / blocked

Reported:	2023-03-06 18:10 UTC by Alex
Modified:	2024-11-19 19:58 UTC (History)
CC List:	52 users (show)
Fixed In Version:	kernel 6.5-rc1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2023:6835	None	None	None	2023-11-09 07:10:50 UTC
Red Hat Product Errata	RHBA-2023:7268	None	None	None	2023-11-15 18:25:19 UTC
Red Hat Product Errata	RHBA-2023:7328	None	None	None	2023-11-16 11:38:50 UTC
Red Hat Product Errata	RHBA-2023:7338	None	None	None	2023-11-16 18:04:11 UTC
Red Hat Product Errata	RHBA-2023:7343	None	None	None	2023-11-20 01:58:38 UTC
Red Hat Product Errata	RHBA-2023:7346	None	None	None	2023-11-20 09:25:39 UTC
Red Hat Product Errata	RHSA-2023:5603	None	None	None	2023-10-10 15:25:02 UTC
Red Hat Product Errata	RHSA-2023:5604	None	None	None	2023-10-10 15:33:09 UTC
Red Hat Product Errata	RHSA-2023:5627	None	None	None	2023-10-10 16:26:21 UTC
Red Hat Product Errata	RHSA-2023:6583	None	None	None	2023-11-07 08:20:15 UTC
Red Hat Product Errata	RHSA-2023:6901	None	None	None	2023-11-14 15:15:01 UTC
Red Hat Product Errata	RHSA-2023:7077	None	None	None	2023-11-14 15:20:37 UTC

Description Alex 2023-03-06 18:10:51 UTC

A flaw in the Linux Kernel found in the Linux kernel’s networking stack which permits attackers to force hash collisions in the IPv6 connection lookup table. This results in a significant increase in the cost of
lookups, causing increased CPU utilization. This significant CPU usage increase in the Linux kernel subjected to a modified form of the classic IPv6 SYN-Flood. The actual impact of this issue may be a denial of service (due to heightened CPU usage) to hosts which can receive malicious IPv6 traffic.

Comment 8 Alex 2023-06-25 09:58:11 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2217240]

Comment 19 Salvatore Bonaccorso 2023-08-16 18:56:19 UTC

Is https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc the fix for this issue? (which would be in 6.5-rc4)?

Comment 20 Alex 2023-08-21 11:16:21 UTC

In reply to comment #19:
> Is https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc the
> fix for this issue? (which would be in 6.5-rc4)?

Yes, the similar upstream fix has been merged into net.git: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=d11b0df7ddf1831f3e170972f43186dad520bfcc

The previous ( https://lore.kernel.org/netdev/CANn89i%2B6d9K1VwNK1Joc-Yb_4jAfV_YFzk%3Dz_K2_Oy%2BxJHSn_g%40mail.gmail.com/T/ )
were not accepted.

Comment 23 Justin M. Forbes 2023-09-25 16:41:51 UTC

This was fixed for Fedora with the 6.4.8 stable kernel updates.

Comment 24 errata-xmlrpc 2023-10-10 15:24:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5603 https://access.redhat.com/errata/RHSA-2023:5603

Comment 25 errata-xmlrpc 2023-10-10 15:33:05 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5604 https://access.redhat.com/errata/RHSA-2023:5604

Comment 26 errata-xmlrpc 2023-10-10 16:26:16 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5627 https://access.redhat.com/errata/RHSA-2023:5627

Comment 28 errata-xmlrpc 2023-11-07 08:20:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583

Comment 29 errata-xmlrpc 2023-11-14 15:14:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901

Comment 30 errata-xmlrpc 2023-11-14 15:20:33 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077

Comment 31 oilumiun12 2023-12-18 08:28:15 UTC Comment hidden (spam)

This comment was flagged a spam, view the edit history to see the original text if required.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
atenart
bhu
carnil
chwhite
crwood
dbohanno
ddepaula
debarbos
dfreiber
drow
dvlasenk
ezulian
fhrbata
fmaurer
gcovolo
hkrzesin
jarod
jburrell
jdenham
jfaracco
jferlan
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
kernel-mgr
ldoskova
lgoncalv
lzampier
mleitner
nmurray
ptalbert
qzhao
rogbas
rrobaina
rvrbovsk
rysulliv
scweaver
sukulkar
tyberry
vkumar
walters
wcosta
williams
wmealing
ycote
ymankad