CVE-2023-42753

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h->nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

Published: Sep 25, 2023
Updated: Sep 27, 2023
CVE: CVE-2023-42753
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
linux / linux_kernel	6.5	6.5.3
linux / linux_kernel	6.2	6.4.16
linux / linux_kernel	5.16	6.1.53
linux / linux_kernel	5.11	5.15.132
linux / linux_kernel	5.5	5.10.195
linux / linux_kernel	4.20	5.4.257
linux / linux_kernel	4.19.5	4.19.295
linux / linux_kernel	4.14.84	4.15
linux / linux_kernel	4.9.141	4.10
linux / linux_kernel	4.4.165	4.5

Vulnerability Database

289,599

CVE-2023-42753