Vulnerability Details : CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
Products affected by CVE-2023-42753
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-42753
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~9% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-42753
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 | Red Hat, Inc. | |
CWE ids for CVE-2023-42753
- The product writes data past the end, or before the beginning, of the intended buffer.
  Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2023-42753
- https://access.redhat.com/errata/RHSA-2023:7539
  RHSA-2023:7539 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0134
  RHSA-2024:0134 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7558
  RHSA-2023:7558 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0403
  RHSA-2024:0403 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
  Kernel Live Patch Security Notice LSN-0099-1 ≈ Packet Storm (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2024:0593
  RHSA-2024:0593 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2023/09/22/10
  oss-security - [CVE-2023-42753] Array Indexing error in Linux kernel (Exploit; Mailing List)
- https://access.redhat.com/errata/RHSA-2024:0562
  RHSA-2024:0562 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://seclists.org/oss-sec/2023/q3/216
  oss-sec: [CVE-2023-42753] Array Indexing error in Linux kernel (Exploit; Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0378
  RHSA-2024:0378 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7411
  RHSA-2023:7411 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/security/cve/CVE-2023-42753
  CVE-2023-42753 - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7418
  RHSA-2023:7418 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0376
  RHSA-2024:0376 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0347
  RHSA-2024:0347 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0563
  RHSA-2024:0563 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0371
  RHSA-2024:0371 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7382
  RHSA-2023:7382 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0089
  RHSA-2024:0089 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
  [SECURITY] [DLA 3623-1] linux-5.10 security update (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0461
  RHSA-2024:0461 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7370
  RHSA-2023:7370 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0113
  RHSA-2024:0113 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0412
  RHSA-2024:0412 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7389
  RHSA-2023:7389 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0402
  RHSA-2024:0402 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7379
  RHSA-2023:7379 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0346
  RHSA-2024:0346 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0340
  RHSA-2024:0340 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0999
  RHSA-2024:0999 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2239843
  2239843 – (CVE-2023-42753) CVE-2023-42753 kernel: netfilter: potential slab-out-of-bound access due to integer underflow (Issue Tracking)
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
  [SECURITY] [DLA 3710-1] linux security update (Mailing List; Third Party Advisory)