PT-2023-8725 · Linux+2 · Linux Kernel+2

Syzbot · Published 2023-09-18 · Updated 2025-09-29 · CVE-2023-52577

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.0

Description

The vulnerability is related to the dccp_v4_err and dccp_v6_err functions in the Linux kernel. It is caused by an uninitialized value in the pskb_may_pull_reason and pskb_may_pull functions, which can lead to a bug in the dccp_v6_err function. The vulnerability can be exploited by an attacker to gain unauthorized access to sensitive information. The issue is related to the handling of ICMP messages and the allocation of memory for socket buffers.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.0 or later. If an update is not possible, consider disabling the dccp_v4_err and dccp_v6_err functions as a temporary workaround. Additionally, restrict access to the vulnerable module to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-8487
BDU:2024-01753
CVE-2023-52577
OESA-2024-1482

Affected Products

Alt Linux
Linux Kernel
Red Os