CVE-2023-42755

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the rsvp_classify function. This issue may allow a local user to crash the system and cause a denial of service.

Published: Oct 5, 2023
Updated: Oct 12, 2023
CVE: CVE-2023-42755
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	6.3
redhat / enterprise_linux	8.0	8.0.x
debian / debian_linux	10.0	10.0.x

https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2023-42755
https://bugzilla.redhat.com/show_bug.cgi?id=2239847
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://seclists.org/oss-sec/2023/q3/229

Vulnerability Database

289,599

CVE-2023-42755