CVE-2023-42754: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability (CVE-2023-42754) was discovered in the Linux kernel IPv4 stack. The vulnerability was found when the socket buffer (skb) was assumed to be associated with a device before calling _ipoptions_compile, which is not always the case if the skb is re-routed by ipvs. The issue was discovered in October 2023 and affects Linux kernel versions up to (excluding) 6.6 (NVD, OSS-SEC).

The vulnerability exists in the ipv4senddestunreach function in net/ipv4/route.c. The function incorrectly assumes there is always a device associated with a skbuff, but this assumption fails when the skb is rerouted through ipvs, causing skb->dev to be NULL. This leads to a null pointer dereference when calling devnet, which attempts to access dev->ndnet. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

This vulnerability may allow a local user with CAPNETADMIN privileges to crash the system, resulting in a denial of service condition (NVD).

The vulnerability has been fixed in Linux kernel 6.6-rc3 with commit 0113d9c9d1cc. The patch has been backported to stable kernel versions v6.1, v5.15, v5.10, v5.4, v4.19, and v4.14. Users should update their kernel to a patched version (OSS-SEC).