CVE-2023-1390

Advisory lineage Upstream: 0 Downstream: 38

Downstream

DEBIAN-CVE-2023-1390 RHSA-2021:1578 RHSA-2021:1739 RHSA-2023:3190 RHSA-2023:3191 RHSA-2023:4125

Modified

Published: 16 Mar 2023, 00:00

Last modified:23 Apr 2025, 16:23

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

0.38% LOW

0% probability -0.30%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Mar 2023, 00:00

Published

Vulnerability first disclosed

23 Apr 2025, 16:23

Last Modified

Vulnerability information updated

Description

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.38%• Percentile: 60%

Techniques & Countermeasures

CWE-1050•Excessive Platform Resource Consumption within a Loop
The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.

Affected Systems

linux•linux_kernel
≥ 4.3, < 4.9.253 | ≥ 4.10, < 4.14.217 | ≥ 4.15, < 4.19.170 | ≥ 4.20, < 5.4.92 | ≥ 5.5, < 5.10.10 | 5.11:rc1 | 5.11:rc2 | 5.11:rc3