CVE-2023-45871
Public on 2023-10-15
Modified on 2024-03-01
Description
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2023-09-27 | ALAS-2023-1838 | Fixed |
| Amazon Linux 2 - Core | kernel | 2023-09-27 | ALAS2-2023-2264 | Fixed |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2023-09-27 | ALAS2KERNEL-5.10-2023-040 | Fixed |
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2023-09-27 | ALAS2KERNEL-5.15-2023-027 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2023-09-27 | ALAS2KERNEL-5.4-2023-053 | Fixed |
| Amazon Linux 2023 | kernel | 2023-09-27 | ALAS2023-2023-356 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.322-244.539 | 2023-11-29 | ALAS2LIVEPATCH-2023-158 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.322-246.539 | 2023-11-29 | ALAS2LIVEPATCH-2023-157 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.192-182.736 | 2023-11-29 | ALAS2LIVEPATCH-2023-160 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.192-183.736 | 2023-11-29 | ALAS2LIVEPATCH-2023-159 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.49-69.116 | 2023-12-06 | ALAS2023LIVEPATCH-2023-025 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.49-70.116 | 2023-12-06 | ALAS2023LIVEPATCH-2023-026 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.52-71.125 | 2023-12-06 | ALAS2023LIVEPATCH-2023-024 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |