CVE-2023-1390 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-1390

CVE-2023-1390

March 16, 2023

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

Related Resources (7)

https://security.netapp.com/advisory/ntap-20230420-0001/

https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5

https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6

https://infosec.exchange/@_mattata/109427999461122360

https://infosec.exchange/%40_mattata/109427999461122360

https://people.canonical.com/~ubuntu-security/cve/CVE-2023-1390

https://access.redhat.com/security/cve/CVE-2023-1390

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Excessive Platform Resource Consumption within a Loop

CWE-1050

EPSS

Base Score:

0.68

Products

Solutions

Resources

Company

Compare

Developer Tools