CVE-2023-52881
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 29/05/2024
Last modified: 27/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

tcp: do not accept ACK of bytes we never sent

This patch is based on a detailed report and ideas from Yepeng Pan
and Christian Rossow.

ACK seq validation is currently following RFC 5961 5.2 guidelines:

The ACK value is considered acceptable only if
it is in the range of ((SND.UNA - MAX.SND.WND)
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.0.58 (including) | 3.1 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.2.37 (including) | 3.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.4.25 (including) | 3.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.8 (including) | 4.14.333 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.302 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.264 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.204 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.143 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.68 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440
- https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc
- https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757
- https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27
- https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a
- https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57
- https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0
- https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a



