#VU77953 Resource exhaustion in Linux kernel


Published: 2023-07-04

Vulnerability identifier: #VU77953

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://bugzilla.redhat.com/show_bug.cgi?id=2175903

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in IBM Cloud Object System
Dell EMC NetWorker vProxy update for third-party components
Multiple vulnerabilities in Logging Subsystem 5.7 for Red Hat OpenShift
SUSE update for the Linux Kernel
Multiple vulnerabilities in IBM Spectrum Copy Data Management
Multiple vulnerabilities in Logging Subsystem 5.8 for Red Hat OpenShift
Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
Red Hat Enterprise Linux 8 update for kernel
Red Hat Enterprise Linux 8 update for kernel-rt