CVE-2023-42752 Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access

🗓️ 13 Oct 2023 01:41:49Reported by redhatType

CVE-2023-42752 Kernel integer overflow in igmpv3_newpack leading to exploitable memory acces

Reporter	Title	Published	Views	Family All 163
ATTACKERKB	CVE-2023-42752	13 Oct 202302:15	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-356)	3 Oct 202300:00	–	nessus
Tenable Nessus	CentOS 9 : kernel-5.14.0-378.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-13043)	15 Dec 202300:00	–	nessus
Tenable Nessus	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2024-12110)	2 Feb 202400:00	–	nessus
Tenable Nessus	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12150)	12 Feb 202400:00	–	nessus
Tenable Nessus	OracleVM 3.4 : kernel-uek (OVMSA-2024-0002)	5 Mar 202400:00	–	nessus
Tenable Nessus	Photon OS 4.0: Linux PHSA-2021-4.0-0065	22 Jul 202100:00	–	nessus
Tenable Nessus	Photon OS 5.0: Linux PHSA-2023-5.0-0096	23 Jul 202400:00	–	nessus
Tenable Nessus	Photon OS 5.0: Linux PHSA-2023-5.0-0097	24 Jul 202400:00	–	nessus

[
  {
    "product": "Kernel",
    "vendor": "n/a",
    "versions": [
      {
        "version": "6.6-rc1",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "kernel",
    "defaultStatus": "unaffected"
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-42752
git	www.git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/
git	www.git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/
packetstormsecurity	www.packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

23 Jan 2024 02:24Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.5

EPSS0.00266

CWE-190