Bug 2239845 (CVE-2023-42754) - CVE-2023-42754 kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unreach()
Summary: CVE-2023-42754 kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unrea...
Keywords:
Status: NEW
Alias: CVE-2023-42754
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2242284
Blocks: 2238729
TreeView+ depends on / blocked
 
Reported: 2023-09-20 13:52 UTC by Patrick Del Bello
Modified: 2023-10-23 13:12 UTC (History)
44 users (show)

Fixed In Version: kernel 6.6-rc3
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Patrick Del Bello 2023-09-20 13:52:35 UTC
A flaw was found in ipv4_send_dest_unreach() due to NULL pointer derefence due to a missing edge-case check.

Comment 4 Mauro Matteo Cascella 2023-10-05 10:54:33 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2242284]


Note You need to log in before you can comment on or make changes to this bug.