| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120939-CVE-2023-53782-6428@gregkh> Date: Tue, 9 Dec 2025 09:02:03 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53782: dccp: Fix out of bounds access in DCCP error handler From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of the DCCP header. Actually, they also look at the DCCP sequence number, which is stored beyond 8 bytes, so an explicit pskb_may_pull() is required. The Linux kernel CVE team has assigned CVE-2023-53782 to this issue. Affected and fixed versions =========================== Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 4.14.326 with commit 3533e10272555c422a7d51ebc0ce8c483429f7f2 Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 4.19.295 with commit 177212bf6dc1ff2d13d0409cddc5c9e81feec63d Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 5.4.257 with commit 7a7dd70cb954d3efa706a429687ded88c02496fa Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 5.10.195 with commit 4b8a938e329ae4eb54b73b0c87b5170607b038a8 Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 5.15.132 with commit 6ecf09699eb1554299aa1e7fd13e9e80f656c2f9 Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 6.1.53 with commit f8a7f10a1dccf9868ff09342a73dce27501b86df Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 6.4.16 with commit d8171411a661253e6271fa10b65b46daf1b6471c Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 6.5.3 with commit ec620c34f5fa5d055f9f6136a387755db6157712 Issue introduced in 4.9 with commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 and fixed in 6.6 with commit 977ad86c2a1bcaf58f01ab98df5cc145083c489c Issue introduced in 3.2.87 with commit 96106a207ae972d8f9e4815e84c159f29e4bbee7 Issue introduced in 3.10.105 with commit 261def571d19d3b4e2228643c5c0ac89f5e10d15 Issue introduced in 3.12.68 with commit dbf1719c65fb0368a94d15767c669e47e295a073 Issue introduced in 3.16.42 with commit 46b1ffd4738a3ee04b2e8f5a4b8cfc39e9c722a2 Issue introduced in 4.4.34 with commit a2df29ed840f90e459a3f8ff029b216be3912731 Issue introduced in 4.8.10 with commit ba93cf7d2118774c0b2dcfccc8ae999427815caa Issue introduced in 3.2.87 with commit 4ca7e66fcce02459fa6961979f9fe30ae1098cf0 Issue introduced in 3.10.105 with commit bd380617d5d161ea2bbe7a8073b3ca7bca0381e5 Issue introduced in 3.12.68 with commit bfe7d1dee859cad6802f8e21a0a863f408114612 Issue introduced in 3.16.42 with commit 968953df833c61fce5adcc0612efeaced24e5719 Issue introduced in 4.4.34 with commit 99131760a8851e6e5b2c9b24d0a68a3068923a08 Issue introduced in 4.8.10 with commit 84d9c612bb7a9e44c6bf286bedfbe72a6d2d71d4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53782 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/dccp/ipv4.c net/dccp/ipv6.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3533e10272555c422a7d51ebc0ce8c483429f7f2 https://git.kernel.org/stable/c/177212bf6dc1ff2d13d0409cddc5c9e81feec63d https://git.kernel.org/stable/c/7a7dd70cb954d3efa706a429687ded88c02496fa https://git.kernel.org/stable/c/4b8a938e329ae4eb54b73b0c87b5170607b038a8 https://git.kernel.org/stable/c/6ecf09699eb1554299aa1e7fd13e9e80f656c2f9 https://git.kernel.org/stable/c/f8a7f10a1dccf9868ff09342a73dce27501b86df https://git.kernel.org/stable/c/d8171411a661253e6271fa10b65b46daf1b6471c https://git.kernel.org/stable/c/ec620c34f5fa5d055f9f6136a387755db6157712 https://git.kernel.org/stable/c/977ad86c2a1bcaf58f01ab98df5cc145083c489c
Powered by blists - more mailing lists