PT-2025-54094 · Linux+2 · Linux Kernel+2

Published

2023-04-03

Updated

2026-02-12

CVE-2023-54265

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the IPv6 implementation, specifically in the __ip6_make_skb() function. The issue is an uninitialized variable access when handling ICMPv6 headers on SOCK_RAW sockets. With a raw socket, the icmp6hdr is not always located within the linear region of the skb (socket buffer), so reading icmp6_hdr(skb)->icmp6_type directly can access an uninitialized value. This can lead to unpredictable behavior and potentially system instability. The fix uses a local variable, icmp6_type, to carry the correct value in the different scenarios.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2026-01200
CVE-2023-54265
RHSA-2023:6583
RHSA-2023:7077
SUSE-SU-2026:0473-1

Affected Products

CentOS
Linux Kernel
Red Hat