PT-2023-3452 · Linux+4 · Linux Kernel+4

Alex

Published

2019-05-22

Updated

2025-03-11

CVE-2023-3022

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6 rule lookup, sometimes holding rt6 info and other times fib6 info. This inconsistency was not accounted for in other parts of the code where rt6 info was expected unconditionally, potentially leading to a kernel panic in fib6 rule suppress. The issue is related to accessing a resource through incompatible types when handling rt6 info and fib6 info values of the arg.result parameter. Exploitation of this issue may allow an attacker to cause a denial of service by sending specially crafted network packets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALT-PU-2019-1893

ALT-PU-2019-1896

ALT-PU-2019-2120

ALT-PU-2019-2311

ALT-PU-2020-1198

ALT-PU-2020-1501

ALT-PU-2020-2410

ALT-PU-2020-2433

ALT-PU-2021-1870

BDU:2023-03636

CESA-2022_1975

CVE-2023-3022

RHSA-2022:1975

RHSA-2022_1975

RHSA-2023:1130

Affected Products

Alt Linux

Astra Linux

Centos

Linux Kernel

Red Hat

PT-2023-3452 · Linux+4 · Linux Kernel+4

CVE-2023-3022

Weakness Enumeration

Related Identifiers

Affected Products

References · 17