Vulnerability Description
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 6.3 |
| Redhat | Enterprise Linux | 8.0 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-42755Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2239847Issue TrackingPatchThird Party Advisory
- https://seclists.org/oss-sec/2023/q3/229ExploitMailing ListPatch
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-42755Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2239847Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
- https://seclists.org/oss-sec/2023/q3/229ExploitMailing ListPatch
FAQ
What is CVE-2023-42755?
CVE-2023-42755 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rs...
How severe is CVE-2023-42755?
CVE-2023-42755 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-42755?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Debian Debian Linux.