Lucene search

K
redhatcveRedhat.comRH:CVE-2023-23455
HistoryFeb 08, 2023 - 6:56 p.m.

CVE-2023-23455

2023-02-0818:56:41
redhat.com
access.redhat.com
30
cve-2023-23455
denial of service
atm_tc_enqueue
net/sched/sch_atm.c
linux kernel
local attacker
type confusion
user namespaces

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

A denial of service flaw was found in atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TC_ACT_SHOT condition rather than valid classification results.

Mitigation

The mitigation is to disable unprivileged user namespaces by setting user.max_user_namespaces to 0:

# echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf  
# sysctl -p /etc/sysctl.d/userns.conf  

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%