CVE-2023-45871: 
Linux Kernel vulnerability analysis and mitigation

A buffer overflow vulnerability (CVE-2023-45871) was discovered in the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel before version 6.5.3. The vulnerability exists in drivers/net/ethernet/intel/igb/igb_main.c where a buffer size may not be adequate for frames larger than the MTU when the 'rx-all' feature is enabled (NVD, Ubuntu).

The vulnerability occurs in the IGB driver when handling received frames larger than the set MTU size. When the Store Bad Packet (SBP) bit is enabled through the 'rx-all' feature, the receive buffer size is not properly adjusted to accommodate larger frames, leading to a potential buffer overflow. The issue has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

When successfully exploited, this vulnerability could lead to denial of service (system crash), memory corruption, or potentially remote code execution when the 'rx-all' feature is enabled on affected network interfaces. An attacker on the same network segment could trigger the vulnerability by sending specially crafted packets (Debian).

The vulnerability has been fixed in Linux kernel version 6.5.3 and backported to various stable kernel versions. The fix involves increasing the RX buffer size to 3K when the SBP bit is enabled (Kernel Commit). Users should update their kernel to a patched version. As a workaround, disabling the 'rx-all' feature on affected network interfaces can prevent exploitation.