[SRU Focal/Jammy/HWE-5.19/OEM-6.0/OEM-6.1/Lunar 0/1] CVE-2023-1206
Cengiz Can
cengiz.can at canonical.com
Fri Aug 11 00:56:59 UTC 2023
[Impact]
A hash collision flaw was found in the IPv6 connection lookup table in the
Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood
attack. A user located in the local network or with a high bandwidth connection
can increase the CPU usage of the server that accepts IPv6 connections up to
95%.
[Fix]
Cherry picked from upstream to all kernels.
[Test case]
Compile and boot tested only.
[Potential regression]
IPv6 users can be affected; however, this is highly unlikely since the fix only
improves an inline hash calculation function.
Stewart Smith (1):
tcp: Reduce chance of collisions in inet6_hashfn().
include/net/ipv6.h | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--
2.39.2