Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-23455
HistoryJan 12, 2023 - 12:00 a.m.

CVE-2023-23455

2023-01-1200:00:00
ubuntu.com
ubuntu.com
20
cve-2023-23455
type confusion
net/sched/sch_atm.c

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4
allows attackers to cause a denial of service because of type confusion
(non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather
than valid classification results).

Notes

Author Note
sbeattie the break entry, b0188d4dbe5f (“[NET_SCHED]: sch_atm: Lindent”), is likely incorrect, as it is just code format changes.
rodrigo-zaiden USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-208.220UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-144.161UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-69.76UNKNOWN
ubuntu22.10noarchlinux< 5.19.0-42.43UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-239.273UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1153.166UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1097.105UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1033.37UNKNOWN
ubuntu22.10noarchlinux-aws< 5.19.0-1025.26UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1117.123UNKNOWN
Rows per page:
1-10 of 841

References

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%