AZL-31269

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31269.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-31269

Upstream

CVE-2023-42755

Published

2023-10-05T19:15:11Z

Modified

2026-04-01T05:10:02.764867Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-42755 affecting package kernel for versions less than 5.15.135.1-2

Details

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the rsvp_classify function. This issue may allow a local user to crash the system and cause a denial of service.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-42755

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.135.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31269.json"