Vulnerability Details: CVE-2023-2156
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
Vulnerability category: Denial of service
Products affected by CVE-2023-2156
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2156
- EPSS score: 29.63% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-2156
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-2156
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-2156
- https://bugzilla.redhat.com/show_bug.cgi?id=2196292
  2196292 – (CVE-2023-2156, ZDI-23-547, ZDI-CAN-16223) CVE-2023-2156 kernel: net: IPv6 RPL protocol reachable assertion leads to DoS [Issue Tracking; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/05/19/1
  oss-security - Re: IPv6 and Route of Death [Mailing List]
- http://www.openwall.com/lists/oss-security/2023/05/18/1
  oss-security - Re: IPv6 and Route of Death [Mailing List]
- https://www.zerodayinitiative.com/advisories/ZDI-23-547/
  ZDI-23-547 | Zero Day Initiative [Third Party Advisory; VDB Entry]
- https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
  [SECURITY] [DLA 3512-1] linux-5.10 security update [Mailing List; Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20230622-0001/
  CVE-2023-2156 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security [Mailing List; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/05/17/9
  oss-security - Re: IPv6 and Route of Death [Mailing List]
- https://www.debian.org/security/2023/dsa-5453
  Debian -- Security Information -- DSA-5453-1 linux [Third Party Advisory; VDB Entry]
- http://www.openwall.com/lists/oss-security/2023/05/17/8
  oss-security - Re: IPv6 and Route of Death [Mailing List]
- https://www.debian.org/security/2023/dsa-5448
  Debian -- Security Information -- DSA-5448-1 linux [Third Party Advisory; VDB Entry]