Vulnerability Description
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, giving attackers a primitive to arbitrarily increment or decrement a memory buffer out of bounds. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.4.165, < 4.5 |
| Redhat | Enterprise Linux | 7.0 |
| Debian | Debian Linux | 10.0 |
References
- https://access.redhat.com/errata/RHSA-2023:7370 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7379 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7382 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7389 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7411 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7418 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7539 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7558 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0089 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0113 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0134 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0340 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0346 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0347 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0371 (Third Party Advisory)
FAQ
What is CVE-2023-42753?
CVE-2023-42753 is a vulnerability with a CVSS score of 7.0 (HIGH). An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the pri...
How severe is CVE-2023-42753?
CVE-2023-42753 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-42753?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Debian Debian Linux.