Open mend-bolt-for-github[bot] opened 7 months ago
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: ed48650604b1d1d694b8e4b96732faa74080f35a
Found in base branch: master
/include/net/dst_ops.h
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
Publish Date: 2024-07-05
URL: CVE-2023-52340
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2023-52340
Release Date: 2024-01-13
Fix Resolution: v4.19.305,v5.4.267,v5.10.208,v5.15.147,v6.1.73
Step up your Open Source Security Game with Mend here
CVE-2023-52340 - High Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.72
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: ed48650604b1d1d694b8e4b96732faa74080f35a
Found in base branch: master
Vulnerable Source Files (1)
/include/net/dst_ops.h
Vulnerability Details
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
Publish Date: 2024-07-05
URL: CVE-2023-52340
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2023-52340
Release Date: 2024-01-13
Fix Resolution: v4.19.305,v5.4.267,v5.10.208,v5.15.147,v6.1.73
Step up your Open Source Security Game with Mend here