CVE-2023-2156
Linux Kernel IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the RPL protocol. The issue results from the lack of proper handling of user-supplied data, which can result in an assertion failure. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
*Credits:
maxpl0it (@maxpl0it)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-04-18 CVE Reserved
- 2023-05-04 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2023/05/17/8 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2023/05/17/9 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2023/05/18/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2023/05/19/1 | Mailing List |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=2196292 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20230622-0001 | Mailing List |
|
| https://www.zerodayinitiative.com/advisories/ZDI-23-547 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2023/dsa-5448 | 2024-02-03 | |
| https://www.debian.org/security/2023/dsa-5453 | 2024-02-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.7 < 5.10.184 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.10.184" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.15.117 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.117" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.16 < 6.1.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.1.34" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.2 < 6.2.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.2.13" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.3.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.3.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||