Hash Collision Vulnerability in Linux Kernel IPv6 Connections
CVE-2023-1206

5.7MEDIUM

Key Information:

Vendor

Linux
Status
Kernel
Vendor
CVE Published:
30 June 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-1206?

A hash collision vulnerability exists in the Linux kernel's IPv6 connection lookup table, which can be exploited through a new variant of SYN flood attacks. An attacker, either within the local network or leveraging a high-bandwidth connection, can manipulate the lookup process, causing the CPU usage of the server accepting IPv6 connections to spike as high as 95%. This can lead to degraded performance or service disruption, particularly for systems heavily reliant on IPv6.

Affected Version(s)

Kernel kernel 6.5-rc1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-1206-CVE-2025-40040-CVE-2024-49882
Created by SpiralBL0CK

References

https://bugzilla.redhat.com/show_bug.cgi?id=2175903
https://www.debian.org/security/2023/dsa-5480
vendor-advisory
https://www.debian.org/security/2023/dsa-5492
vendor-advisory

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2023-1206 : Hash Collision Vulnerability in Linux Kernel IPv6 Connections