Linux Kernel Vulnerability in TIPC Message Negotiation
CVE-2023-53517
What is CVE-2023-53517?
In the Linux kernel, a vulnerability in the TIPC protocol allows a malicious peer to manipulate the Maximum Transmission Unit (MTU) setting during message negotiation. By sending an Activate message with a dangerously low MTU value, an attacker can cause an overflow, leading to potentially severe instability. The vulnerability manifests as a crash, with kernel error messages indicating memory allocation failures and protection faults. The issue has been mitigated in the latest kernel update by enforcing a minimum MTU check, so that only appropriate values are accepted during negotiation.
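The following is an added illustration, not code from the kernel or from the fix commits: a simplified model of why a peer-supplied MTU needs a lower bound, with the unchecked negotiation beside the checked one. The struct, the function names, the header size and the minimum MTU are all assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration only; not taken from the kernel source. */
#define HDR_SIZE 40u              /* hypothetical per-packet header size */
#define MIN_MTU  (HDR_SIZE + 60u) /* hypothetical smallest acceptable link MTU */

struct link { uint32_t mtu; };    /* hypothetical, reduced link state */

/* Room left for payload in one packet. The subtraction is unsigned,
 * so it wraps to a huge value whenever mtu is smaller than HDR_SIZE. */
static uint32_t payload_room(const struct link *l)
{
    return l->mtu - HDR_SIZE;
}

/* Before: the peer's advertised MTU is adopted whenever it is lower. */
static void negotiate_unchecked(struct link *l, uint32_t peer_mtu)
{
    if (peer_mtu < l->mtu)
        l->mtu = peer_mtu;
}

/* After: an advertised MTU below the minimum is ignored and the link
 * keeps its current value. Returns 1 if accepted, 0 if rejected. */
static int negotiate_checked(struct link *l, uint32_t peer_mtu)
{
    if (peer_mtu < MIN_MTU)
        return 0;
    if (peer_mtu < l->mtu)
        l->mtu = peer_mtu;
    return 1;
}

int main(void)
{
    struct link a = { 1500 }, b = { 1500 };
    uint32_t advertised = 8;      /* constructed sample value */

    negotiate_unchecked(&a, advertised);
    printf("unchecked: mtu=%u payload_room=%u\n",
           (unsigned)a.mtu, (unsigned)payload_room(&a));

    int ok = negotiate_checked(&b, advertised);
    printf("checked:   accepted=%d mtu=%u payload_room=%u\n",
           ok, (unsigned)b.mtu, (unsigned)payload_room(&b));
    return 0;
}
```

In the unchecked case the wrapped payload size is the kind of value that later turns into an oversized allocation request; the checked case leaves the link MTU untouched.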
Affected Version(s)
Linux ed193ece2649c194a87a9d8470195760d367c075 < 2bd4ff4ffb92113f8acd04dbaed83269172c24b4
Linux ed193ece2649c194a87a9d8470195760d367c075 < 575e84d90a74c0b091b3417ba763ebb237aa0a8c
Linux ed193ece2649c194a87a9d8470195760d367c075 < 259683001d7e879fea4b42084fb6560dd9408a7e