Bug 2175903 (CVE-2023-1206) - CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table
Summary: CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table
Keywords:
Status: NEW
Alias: CVE-2023-1206
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2176117 2176118 2176119 2176120 2217240 2233500 2233502
Blocks: 2174096
TreeView+ depends on / blocked
 
Reported: 2023-03-06 18:10 UTC by Alex
Modified: 2024-04-18 14:51 UTC (History)
52 users (show)

Fixed In Version: kernel 6.5-rc1
Doc Type: If docs needed, set a value
Doc Text:
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:6835 0 None None None 2023-11-09 07:10:50 UTC
Red Hat Product Errata RHBA-2023:7268 0 None None None 2023-11-15 18:25:19 UTC
Red Hat Product Errata RHBA-2023:7328 0 None None None 2023-11-16 11:38:50 UTC
Red Hat Product Errata RHBA-2023:7338 0 None None None 2023-11-16 18:04:11 UTC
Red Hat Product Errata RHBA-2023:7343 0 None None None 2023-11-20 01:58:38 UTC
Red Hat Product Errata RHBA-2023:7346 0 None None None 2023-11-20 09:25:39 UTC
Red Hat Product Errata RHSA-2023:5603 0 None None None 2023-10-10 15:25:02 UTC
Red Hat Product Errata RHSA-2023:5604 0 None None None 2023-10-10 15:33:09 UTC
Red Hat Product Errata RHSA-2023:5627 0 None None None 2023-10-10 16:26:21 UTC
Red Hat Product Errata RHSA-2023:6583 0 None None None 2023-11-07 08:20:15 UTC
Red Hat Product Errata RHSA-2023:6901 0 None None None 2023-11-14 15:15:01 UTC
Red Hat Product Errata RHSA-2023:7077 0 None None None 2023-11-14 15:20:37 UTC

Description Alex 2023-03-06 18:10:51 UTC
A flaw in the Linux Kernel found in the Linux kernel’s networking stack which permits attackers to force hash collisions in the IPv6 connection lookup table. This results in a significant increase in the cost of
lookups, causing increased CPU utilization. This significant CPU usage increase in the Linux kernel subjected to a modified form of the classic IPv6 SYN-Flood. The actual impact of this issue may be a denial of service (due to heightened CPU usage) to hosts which can receive malicious IPv6 traffic.

Comment 8 Alex 2023-06-25 09:58:11 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2217240]

Comment 19 Salvatore Bonaccorso 2023-08-16 18:56:19 UTC
Is https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc the fix for this issue? (which would be in 6.5-rc4)?

Comment 23 Justin M. Forbes 2023-09-25 16:41:51 UTC
This was fixed for Fedora with the 6.4.8 stable kernel updates.

Comment 24 errata-xmlrpc 2023-10-10 15:24:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5603 https://access.redhat.com/errata/RHSA-2023:5603

Comment 25 errata-xmlrpc 2023-10-10 15:33:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5604 https://access.redhat.com/errata/RHSA-2023:5604

Comment 26 errata-xmlrpc 2023-10-10 16:26:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5627 https://access.redhat.com/errata/RHSA-2023:5627

Comment 28 errata-xmlrpc 2023-11-07 08:20:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583

Comment 29 errata-xmlrpc 2023-11-14 15:14:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901

Comment 30 errata-xmlrpc 2023-11-14 15:20:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077

Comment 31 oilumiun12 2023-12-18 08:28:15 UTC Comment hidden (spam)

Note You need to log in before you can comment on or make changes to this bug.