Bug 1215468 - VUL-0: CVE-2023-42752: kernel: integer overflow leading to exploitable memory access
Status: RESOLVED DUPLICATE of bug 1215146
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P5 - None
Severity: Normal
Target Milestone: ---
Assignee: Kernel Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/379098/
 
Reported: 2023-09-19 06:47 UTC by Robert Frohl
Modified: 2023-09-19 07:51 UTC

Found By: Security Response Team

Description Robert Frohl 2023-09-19 06:47:36 UTC
CVE-2023-42752

Posted by Kyle Zeng on Sep 18

Hi there,

I recently found an integer overflow in the Linux kernel, which leads
to the kernel allocating `skb_shared_info` in the userspace, which is
exploitable in systems without SMAP protection since `skb_shared_info`
contains references to function pointers.

I verified the existence of the vulnerability on both the main tree
and v6.1.y, more versions may be affected (potentially all stable
trees).

[Root Cause]

The root cause of the...

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42752
https://seclists.org/oss-sec/2023/q3/192
Comment 3 Gianluca Gabrielli 2023-09-19 07:51:05 UTC
Closing this as duplicate

*** This bug has been marked as a duplicate of bug 1215146 ***