Bug 2239845 (CVE-2023-42754) - CVE-2023-42754 kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unreach()
Summary: CVE-2023-42754 kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unrea...
Keywords:
Status: NEW
Alias: CVE-2023-42754
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2023-52579 (view as bug list)
Depends On: 2242284
Blocks: 2267764 2238729
TreeView+ depends on / blocked
 
Reported: 2023-09-20 13:52 UTC by Patrick Del Bello
Modified: 2024-05-22 09:52 UTC (History)
45 users (show)

Fixed In Version: kernel 6.6-rc3
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:2634 0 None None None 2024-05-01 01:22:04 UTC
Red Hat Product Errata RHBA-2024:2650 0 None None None 2024-05-02 00:14:51 UTC
Red Hat Product Errata RHBA-2024:2686 0 None None None 2024-05-02 22:49:58 UTC
Red Hat Product Errata RHSA-2024:2394 0 None None None 2024-04-30 10:13:59 UTC
Red Hat Product Errata RHSA-2024:2950 0 None None None 2024-05-22 09:14:45 UTC
Red Hat Product Errata RHSA-2024:3138 0 None None None 2024-05-22 09:52:10 UTC

Description Patrick Del Bello 2023-09-20 13:52:35 UTC
A flaw was found in ipv4_send_dest_unreach() due to NULL pointer derefence due to a missing edge-case check.

Comment 4 Mauro Matteo Cascella 2023-10-05 10:54:33 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2242284]

Comment 8 Alex 2024-04-24 13:38:50 UTC
*** Bug 2267759 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2024-04-30 10:13:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394

Comment 10 errata-xmlrpc 2024-05-22 09:14:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950

Comment 11 errata-xmlrpc 2024-05-22 09:52:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3138 https://access.redhat.com/errata/RHSA-2024:3138


Note You need to log in before you can comment on or make changes to this bug.