CVE-2023-42754
MEDIUMLinux Kernel < 6.6 - NULL Pointer Dereference in IPv4 Stack via Socket Buffer Re-routing
Title source: llmDescription
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
References (10)
Core 10
Core References
Exploit, Mailing List, Patch, Third Party Advisory
https://seclists.org/oss-sec/2023/q4/14
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2394
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2950
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3138
Patch, Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-42754
Issue Tracking, Patch, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2239845
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
1.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (7)
fedoraproject/fedora
37
fedoraproject/fedora
38
fedoraproject/fedora
39
linux/linux_kernel
6.6 rc1 (2 CPE variants)
linux/linux_kernel
< 6.6
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
Published
Oct 05, 2023
Tracked Since
Feb 18, 2026