// For flags

CVE-2023-52340

kernel: ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.

La implementación de IPv6 en el kernel de Linux anterior a 6.3 tiene un umbral net/ipv6/route.c max_size que se puede consumir fácilmente, por ejemplo, provocando una denegación de servicio (errores de red inaccesible) cuando los paquetes IPv6 se envían en un bucle a través de un enchufe crudo.

A flaw in the routing table size was found in the ICMPv6 handling of "Packet Too Big". The size of the routing table is regulated by periodic garbage collection. However, with "Packet Too Big Messages" it is possible to exceed the routing table size and garbage collector threshold. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues. The following security issues were fixed. Fixed potential UAF in cifs_signal_cifsd_for_reconnect. Gpiolib: cdev: Fix use after free in lineinfo_changed_notify. Net: do not leave a dangling sk pointer, when socket creation fails hfsplus: fix uninit-value in copy_name. Fs/9p: only translate RWX permissions for plain 9P2000. Hsr: Prevent use after free in prp_create_tagged_frame. Fixed a general protection fault in i915_perf_open_ioctl. Set gtt bound flag in amdgpu_ttm_gart_bind. Fixed use-after-free bugs caused by sco_sock_timeout. Drm/client: Fully protect modes with dev->mode_config.mutex. Fixed false-positive lockdep splat for spin_lock in __unix_gc. Fixed double free of the ha->vp_map pointer. Fixed underflow in parse_server_interfaces. Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules. Fixed use-after-free in ip6_route_mpath_notify. Fixed memory corruption in wifi/iwlwifi. Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header. Fixed SDMA off-by-one error in _pad_sdma_tx_descs. Fixed a race condition in nfc_llcp_sock_get and nfc_llcp_sock_get_sn. Fixed race between tx work scheduling and socket close. Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation. Fixed UAF write bug in tomoyo_write_control. Fixed a denial of service related to ICMPv6 'Packet Too Big' packets.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-01-12 CVE Reserved
  • 2024-03-13 CVE Published
  • 2025-03-20 CVE Updated
  • 2025-05-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 6.3
Search vendor "Linux" for product "Linux Kernel" and version " < 6.3"
-
Affected