CVE-2023-2593 | THREATINT

Description

A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.

PUBLISHED Reserved 2023-05-09 | Published 2025-07-30 | Updated 2025-11-20 | Assigner redhat

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

Default status

unaffected

Any version before 6.2-rc3

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Timeline

2025-07-30:	Reported to Red Hat.
2023-05-17:	Made public.

References

access.redhat.com/security/cve/CVE-2023-2593 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2384787 (RHBZ#2384787) issue-tracking

lore.kernel.org/...XzNR4b+zHshSqidRdFKVf_7Jg@mail.gmail.com/

cve.org (CVE-2023-2593)

nvd.nist.gov (CVE-2023-2593)

Download JSON

help @ threatint.eu