CVE-2023-1390
moderate-risk
Published 2023-03-16
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.
Do I need to act?
-
0.51% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
References (8)
Third Party Advisory
https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0001/
Third Party Advisory
https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0001/
38
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
10/34 · Low