medium
5.5
CWE
401
Advisory Published
CVE Published
Updated

CVE-2023-1074

First published: Sun Feb 26 2023(Updated: )

A flaw in the Linux Kernel found. Fail if no bound addresses can be used for a given scope. A type confusion can happen in inet_diag_msg_sctpasoc_fill() in net/sctp/diag.c, which uses a type confused pointer to return information to userspace when issuing a list_entry() on asoc-&gt;base.bind_addr.address_list.next when the list is empty. References: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f">https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f</a> <a href="https://www.openwall.com/lists/oss-security/2023/01/23/1">https://www.openwall.com/lists/oss-security/2023/01/23/1</a>

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/kernel<6.2
6.2
Linux Kernel
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.13-1
IBM Security Verify Governance - Identity Manager<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager<=ISVG 10.0.2

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2023-1074?

    CVE-2023-1074 has been classified as a critical vulnerability due to the potential for type confusion and its implications on system security.

  • Which software versions are affected by CVE-2023-1074?

    CVE-2023-1074 affects various versions of the Linux Kernel, specifically those prior to 5.10.223-1, 5.10.226-1, 6.1.123-1, and 6.2, as well as specific IBM Security Verify Governance versions.

  • How do I fix CVE-2023-1074?

    To fix CVE-2023-1074, upgrade your affected Linux Kernel to version 5.10.223-1, 5.10.226-1, 6.1.123-1, or 6.2.

  • What systems are impacted by CVE-2023-1074?

    CVE-2023-1074 impacts systems utilizing the Linux Kernel and specific versions of IBM Security Verify Governance, Identity Manager components.

  • What is the nature of the vulnerability described in CVE-2023-1074?

    CVE-2023-1074 is a type confusion vulnerability that occurs in the inet_diag_msg_sctpasoc_fill() function, potentially allowing unauthorized information to be returned to userspace.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203