CVE-2023-52881 (GCVE-0-2023-52881)

Vulnerability from cvelistv5 – Published: 2024-05-29 10:15 – Updated: 2026-05-23 15:27
VLAI
Title
tcp: do not accept ACK of bytes we never sent
Summary
In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The ACK value is considered acceptable only if it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT). All incoming segments whose ACK value doesn't satisfy the above condition MUST be discarded and an ACK sent back. It needs to be noted that RFC 793 on page 72 (fifth check) says: "If the ACK is a duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an ACK, drop the segment, and return". The "ignored" above implies that the processing of the incoming data segment continues, which means the ACK value is treated as acceptable. This mitigation makes the ACK check more stringent since any ACK < SND.UNA wouldn't be accepted, instead only ACKs that are in the range ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through. This can be refined for new (and possibly spoofed) flows, by not accepting ACK for bytes that were never sent. This greatly improves TCP security at a little cost. I added a Fixes: tag to make sure this patch will reach stable trees, even if the 'blamed' patch was adhering to the RFC. tp->bytes_acked was added in linux-4.2 Following packetdrill test (courtesy of Yepeng Pan) shows the issue at hand: 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1024) = 0 // ---------------- Handshake ------------------- // // when window scale is set to 14 the window size can be extended to // 65535 * (2^14) = 1073725440. Linux would accept an ACK packet // with ack number in (Server_ISN+1-1073725440. Server_ISN+1) // ,though this ack number acknowledges some data never // sent by the server. +0 < S 0:0(0) win 65535 <mss 1400,nop,wscale 14> +0 > S. 0:0(0) ack 1 <...> +0 < . 1:1(0) ack 1 win 65535 +0 accept(3, ..., ...) = 4 // For the established connection, we send an ACK packet, // the ack packet uses ack number 1 - 1073725300 + 2^32, // where 2^32 is used to wrap around. // Note: we used 1073725300 instead of 1073725440 to avoid possible // edge cases. // 1 - 1073725300 + 2^32 = 3221241997 // Oops, old kernels happily accept this packet. +0 < . 1:1001(1000) ack 3221241997 win 65535 // After the kernel fix the following will be replaced by a challenge ACK, // and prior malicious frame would be dropped. +0 > . 1:1(0) ack 1001
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 69eae75ca5255e876628ac5cee9eaab31f644b57 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 458f07ffeccd17f99942311e09ef574ddf4a414a (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 7ffff0cc929fdfc62a74b384c4903d6496c910f0 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < b17a886ed29f3b70b78ccf632dad03e0c69e3c1a (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 0d4e0afdd6658cd21dd5be61880411a2553fd1fc (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 008b807fe487e0b15a3a6c39add4eb477f73e440 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 2087d53a66e97a5eb5d1bf558d5bef9e5f891757 (git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27 (git)
Affected: 8d15569e14cfcf9151e9e3b4c0cb98369943a2bb (git)
Affected: e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1 (git)
Affected: 2ee4432e82437a7c051c254b065fbf5d4581e1a3 (git)
Affected: 3.0.58 , < 3.1 (semver)
Affected: 3.2.37 , < 3.3 (semver)
Affected: 3.4.25 , < 3.5 (semver)
Create a notification for this product.
Linux Linux Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 4.14.333 , ≤ 4.14.* (semver)
Unaffected: 4.19.302 , ≤ 4.19.* (semver)
Unaffected: 5.4.264 , ≤ 5.4.* (semver)
Unaffected: 5.10.204 , ≤ 5.10.* (semver)
Unaffected: 5.15.143 , ≤ 5.15.* (semver)
Unaffected: 6.1.68 , ≤ 6.1.* (semver)
Unaffected: 6.6.7 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T16:46:40.495686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T15:11:03.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "69eae75ca5255e876628ac5cee9eaab31f644b57",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "458f07ffeccd17f99942311e09ef574ddf4a414a",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "7ffff0cc929fdfc62a74b384c4903d6496c910f0",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "b17a886ed29f3b70b78ccf632dad03e0c69e3c1a",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "0d4e0afdd6658cd21dd5be61880411a2553fd1fc",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "008b807fe487e0b15a3a6c39add4eb477f73e440",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "2087d53a66e97a5eb5d1bf558d5bef9e5f891757",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "lessThan": "3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27",
              "status": "affected",
              "version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "8d15569e14cfcf9151e9e3b4c0cb98369943a2bb",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2ee4432e82437a7c051c254b065fbf5d4581e1a3",
              "versionType": "git"
            },
            {
              "lessThan": "3.1",
              "status": "affected",
              "version": "3.0.58",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3",
              "status": "affected",
              "version": "3.2.37",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5",
              "status": "affected",
              "version": "3.4.25",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.333",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.302",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.264",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.204",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.143",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.333",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.302",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.264",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.204",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.143",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.68",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.7",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.0.58",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.2.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.4.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n   The ACK value is considered acceptable only if\n   it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n   SND.NXT).  All incoming segments whose ACK value doesn\u0027t satisfy the\n   above condition MUST be discarded and an ACK sent back.  It needs to\n   be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n   duplicate (SEG.ACK \u003c SND.UNA), it can be ignored.  If the ACK\n   acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n   ACK, drop the segment, and return\".  The \"ignored\" above implies that\n   the processing of the incoming data segment continues, which means\n   the ACK value is treated as acceptable.  This mitigation makes the\n   ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n   accepted, instead only ACKs that are in the range ((SND.UNA -\n   MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:27:28.074Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
        },
        {
          "url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
        },
        {
          "url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
        }
      ],
      "title": "tcp: do not accept ACK of bytes we never sent",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52881",
    "datePublished": "2024-05-29T10:15:14.186Z",
    "dateReserved": "2024-05-21T15:35:00.781Z",
    "dateUpdated": "2026-05-23T15:27:28.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-52881",
      "date": "2026-06-02",
      "epss": "0.00012",
      "percentile": "0.01662"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52881\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-29T11:16:02.110\",\"lastModified\":\"2025-09-27T00:00:29.923\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntcp: do not accept ACK of bytes we never sent\\n\\nThis patch is based on a detailed report and ideas from Yepeng Pan\\nand Christian Rossow.\\n\\nACK seq validation is currently following RFC 5961 5.2 guidelines:\\n\\n   The ACK value is considered acceptable only if\\n   it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\\n   SND.NXT).  All incoming segments whose ACK value doesn\u0027t satisfy the\\n   above condition MUST be discarded and an ACK sent back.  It needs to\\n   be noted that RFC 793 on page 72 (fifth check) says: \\\"If the ACK is a\\n   duplicate (SEG.ACK \u003c SND.UNA), it can be ignored.  If the ACK\\n   acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\\n   ACK, drop the segment, and return\\\".  The \\\"ignored\\\" above implies that\\n   the processing of the incoming data segment continues, which means\\n   the ACK value is treated as acceptable.  This mitigation makes the\\n   ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\\n   accepted, instead only ACKs that are in the range ((SND.UNA -\\n   MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\\n\\nThis can be refined for new (and possibly spoofed) flows,\\nby not accepting ACK for bytes that were never sent.\\n\\nThis greatly improves TCP security at a little cost.\\n\\nI added a Fixes: tag to make sure this patch will reach stable trees,\\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\\n\\ntp-\u003ebytes_acked was added in linux-4.2\\n\\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\\nthe issue at hand:\\n\\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\\n+0 bind(3, ..., ...) = 0\\n+0 listen(3, 1024) = 0\\n\\n// ---------------- Handshake ------------------- //\\n\\n// when window scale is set to 14 the window size can be extended to\\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\\n// ,though this ack number acknowledges some data never\\n// sent by the server.\\n\\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\\n+0 \u003c . 1:1(0) ack 1 win 65535\\n+0 accept(3, ..., ...) = 4\\n\\n// For the established connection, we send an ACK packet,\\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\\n// where 2^32 is used to wrap around.\\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\\n// edge cases.\\n// 1 - 1073725300 + 2^32 = 3221241997\\n\\n// Oops, old kernels happily accept this packet.\\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\\n\\n// After the kernel fix the following will be replaced by a challenge ACK,\\n// and prior malicious frame would be dropped.\\n+0 \u003e . 1:1(0) ack 1001\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: no acepta ACK de bytes que nunca enviamos. Este parche se basa en un informe detallado e ideas de Yepeng Pan y Christian Rossow. La validaci\u00f3n de secuencia de ACK sigue actualmente las pautas RFC 5961 5.2: El valor de ACK se considera aceptable solo si est\u00e1 en el rango de ((SND.UNA - MAX.SND.WND) \u0026lt;= SEG.ACK \u0026lt;= SND.NXT). Todos los segmentos entrantes cuyo valor ACK no satisface la condici\u00f3n anterior DEBEN descartarse y enviarse un ACK. Es necesario tener en cuenta que RFC 793 en la p\u00e1gina 72 (quinta verificaci\u00f3n) dice: \\\"Si el ACK es un duplicado (SEG.ACK \u0026lt; SND.UNA), se puede ignorar. Si el ACK reconoce algo que a\u00fan no se ha enviado (SEG. ACK \u0026gt; SND.NXT) luego env\u00eda un ACK, descarta el segmento y regresa\\\". Lo \\\"ignorado\\\" anterior implica que el procesamiento del segmento de datos entrantes contin\u00faa, lo que significa que el valor ACK se trata como aceptable. Esta mitigaci\u00f3n hace que la verificaci\u00f3n de ACK sea m\u00e1s estricta, ya que no se aceptar\u00e1 ning\u00fan ACK \u0026lt; SND.UNA; en su lugar, solo se aceptar\u00e1n ACK que est\u00e9n en el rango ((SND.UNA - MAX.SND.WND) \u0026lt;= SEG.ACK \u0026lt;= SND. NXT) pasar. Esto se puede perfeccionar para flujos nuevos (y posiblemente falsificados) al no aceptar ACK para bytes que nunca se enviaron. Esto mejora enormemente la seguridad de TCP a un costo reducido. Agregu\u00e9 una etiqueta Correcciones: para asegurarme de que este parche llegue a \u00e1rboles estables, incluso si el parche \\\"culpado\\\" se adhiri\u00f3 al RFC. tp-\u0026gt;bytes_acked se agreg\u00f3 en Linux-4.2 La siguiente prueba de packagedrill (cortes\u00eda de Yepeng Pan) muestra el problema en cuesti\u00f3n: 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1 ], 4) = 0 +0 enlazar(3, ..., ...) = 0 +0 escuchar(3, 1024) = 0 // ---------------- Apret\u00f3n de manos ------------------- // // cuando la escala de la ventana se establece en 14, el tama\u00f1o de la ventana se puede ampliar a // 65535 * (2^14) = 1073725440. Linux aceptar\u00eda un paquete ACK // con un n\u00famero de reconocimiento en (Server_ISN+1-1073725440. Server_ISN+1) //, aunque este n\u00famero de reconocimiento reconoce algunos datos // nunca enviados por el servidor. +0 \u0026lt; S 0:0(0) win 65535  +0 \u0026gt; S. 0:0(0) ack 1 \u0026lt;...\u0026gt; +0 \u0026lt; . 1:1(0) ack 1 win 65535 +0 aceptar(3, ..., ...) = 4 // Para la conexi\u00f3n establecida, enviamos un paquete ACK, // el paquete de confirmaci\u00f3n utiliza el n\u00famero de confirmaci\u00f3n 1 - 1073725300 + 2^32, // donde 2^32 se usa para envolver. // Nota: utilizamos 1073725300 en lugar de 1073725440 para evitar posibles // casos extremos. // 1 - 1073725300 + 2^32 = 3221241997 // Vaya, los n\u00facleos antiguos aceptan felizmente este paquete. +0 \u0026lt;. 1:1001(1000) ACK 3221241997 win 65535 // Despu\u00e9s de la correcci\u00f3n del kernel, lo siguiente ser\u00e1 reemplazado por un ACK de desaf\u00edo, // y el marco malicioso anterior se eliminar\u00e1. +0 \u0026gt; . 1:1(0) reconocimiento 1001\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.58\",\"versionEndExcluding\":\"3.1\",\"matchCriteriaId\":\"1CD75427-A149-433B-9ED9-A511DBDE359B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2.37\",\"versionEndExcluding\":\"3.3\",\"matchCriteriaId\":\"2C3909DD-C458-4E80-B1F6-146CD9FFBCC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.25\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"54485978-72F1-43B7-AF53-76E63AA730B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8\",\"versionEndExcluding\":\"4.14.333\",\"matchCriteriaId\":\"CB3D4194-EEC6-4D5A-836D-2BC267EDA61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.302\",\"matchCriteriaId\":\"2CF3B659-E808-4FDB-ABDD-1E99FE0658F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.264\",\"matchCriteriaId\":\"EFA13B55-45C3-4ECE-804C-84EA32587F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.204\",\"matchCriteriaId\":\"0957E00E-2BBC-4530-925B-E7D8E7FF9A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.143\",\"matchCriteriaId\":\"B9718AD7-A70A-4A63-90EE-B47010C352E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.68\",\"matchCriteriaId\":\"D73554E0-C1EE-48CC-9FDB-4B66000FEB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.7\",\"matchCriteriaId\":\"38CB764D-606E-4695-8437-DD35E0B1A6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A0038DE-E183-4958-A6E3-CE3821FEAFBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C56C6E04-4F04-44A3-8DB8-93899903CFCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C78EDA4-8BE6-42FC-9512-49032D525A55\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:18:41.169Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52881\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-03T16:46:40.495686Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-03T16:46:47.127Z\"}}], \"cna\": {\"title\": \"tcp: do not accept ACK of bytes we never sent\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"69eae75ca5255e876628ac5cee9eaab31f644b57\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"458f07ffeccd17f99942311e09ef574ddf4a414a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"7ffff0cc929fdfc62a74b384c4903d6496c910f0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"b17a886ed29f3b70b78ccf632dad03e0c69e3c1a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"0d4e0afdd6658cd21dd5be61880411a2553fd1fc\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"008b807fe487e0b15a3a6c39add4eb477f73e440\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"2087d53a66e97a5eb5d1bf558d5bef9e5f891757\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"354e4aa391ed50a4d827ff6fc11e0667d0859b25\", \"lessThan\": \"3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27\", \"versionType\": \"git\"}], \"programFiles\": [\"net/ipv4/tcp_input.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.8\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"3.8\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.14.333\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.302\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.264\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.204\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.143\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.68\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/ipv4/tcp_input.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57\"}, {\"url\": \"https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a\"}, {\"url\": \"https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0\"}, {\"url\": \"https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a\"}, {\"url\": \"https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc\"}, {\"url\": \"https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440\"}, {\"url\": \"https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757\"}, {\"url\": \"https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntcp: do not accept ACK of bytes we never sent\\n\\nThis patch is based on a detailed report and ideas from Yepeng Pan\\nand Christian Rossow.\\n\\nACK seq validation is currently following RFC 5961 5.2 guidelines:\\n\\n   The ACK value is considered acceptable only if\\n   it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\\n   SND.NXT).  All incoming segments whose ACK value doesn\u0027t satisfy the\\n   above condition MUST be discarded and an ACK sent back.  It needs to\\n   be noted that RFC 793 on page 72 (fifth check) says: \\\"If the ACK is a\\n   duplicate (SEG.ACK \u003c SND.UNA), it can be ignored.  If the ACK\\n   acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\\n   ACK, drop the segment, and return\\\".  The \\\"ignored\\\" above implies that\\n   the processing of the incoming data segment continues, which means\\n   the ACK value is treated as acceptable.  This mitigation makes the\\n   ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\\n   accepted, instead only ACKs that are in the range ((SND.UNA -\\n   MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\\n\\nThis can be refined for new (and possibly spoofed) flows,\\nby not accepting ACK for bytes that were never sent.\\n\\nThis greatly improves TCP security at a little cost.\\n\\nI added a Fixes: tag to make sure this patch will reach stable trees,\\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\\n\\ntp-\u003ebytes_acked was added in linux-4.2\\n\\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\\nthe issue at hand:\\n\\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\\n+0 bind(3, ..., ...) = 0\\n+0 listen(3, 1024) = 0\\n\\n// ---------------- Handshake ------------------- //\\n\\n// when window scale is set to 14 the window size can be extended to\\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\\n// ,though this ack number acknowledges some data never\\n// sent by the server.\\n\\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\\n+0 \u003c . 1:1(0) ack 1 win 65535\\n+0 accept(3, ..., ...) = 4\\n\\n// For the established connection, we send an ACK packet,\\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\\n// where 2^32 is used to wrap around.\\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\\n// edge cases.\\n// 1 - 1073725300 + 2^32 = 3221241997\\n\\n// Oops, old kernels happily accept this packet.\\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\\n\\n// After the kernel fix the following will be replaced by a challenge ACK,\\n// and prior malicious frame would be dropped.\\n+0 \u003e . 1:1(0) ack 1001\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T08:27:49.339Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-52881\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T08:27:49.339Z\", \"dateReserved\": \"2024-05-21T15:35:00.781Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-29T10:15:14.186Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.