AZL-27382

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27382.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-27382

Upstream

CVE-2023-1206

Published

2023-06-30T22:15:09Z

Modified

2026-04-01T05:09:09.527397Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-1206 affecting package kernel for versions less than 5.15.126.1-1

Details

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1206

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27382.json"