Linux kernel IPv6 implementation vulnerable to denial of service attack via raw sockets
CVE-2023-52340

7.5HIGH

Key Information:

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 5 July 2024

Summary

A vulnerability exists within the IPv6 implementation of the Linux kernel prior to version 6.3, specifically related to the max_size threshold in net/ipv6/route.c. This issue can be exploited to induce a denial of service condition, resulting in persistent unreachable network errors when IPv6 packets are sent in a loop using a raw socket. Proper mitigation efforts are required to prevent potential service disruptions for affected systems.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 5, 2024
Vulnerability Reserved
Jan 12, 2024

Collectors

NVD DatabaseMitre Database