« List of all CVEs

CVE-2023-42754

Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach()

Published: 10/5/2023 Last updated: 11/6/2025 Reserved: 9/13/2023

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 5.5 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (13)

Product Vendor Version
Red Hat Enterprise Linux 6 Red Hat < 10.0.10240.20766
Red Hat Enterprise Linux 9 Red Hat 15.1(2)SY10
Red Hat Enterprise Linux 6 Red Hat 15.1(2)SY14
Red Hat Enterprise Linux 7 Red Hat 15.2(7)E
Red Hat Enterprise Linux 7 Red Hat BIG-IP 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x
Red Hat Enterprise Linux 9 Red Hat <= 2.4.5
Red Hat Enterprise Linux 9 Red Hat <= 2.4.4-p1
Red Hat Enterprise Linux 9 Red Hat 15.3(1)S
Red Hat Enterprise Linux 7 Red Hat <= None
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat Snapdragon 1200 Wearable Platform
Red Hat Enterprise Linux 7 Red Hat 15.1(2)SY16
Red Hat Enterprise Linux 8 Red Hat < publication

References (32)