CVE-2023-2156

7.5 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's RPL protocol handling allows unauthenticated remote attackers to trigger an assertion failure by sending specially crafted data. This causes a denial of service (system crash or hang) affecting systems with RPL protocol enabled. Any Linux system using RPL networking is potentially vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with RPL protocol support (specific affected versions in Red Hat Bugzilla 2196292)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) is enabled. Most standard Linux installations do not enable RPL by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash requiring manual reboot, potentially causing extended downtime for critical systems.

🟠 Likely Case: Kernel panic or system hang requiring reboot, disrupting services temporarily.

🟢 If Mitigated: No impact if RPL protocol is disabled or systems are patched.

🌐 Internet-Facing: MEDIUM - Requires RPL protocol exposure to untrusted networks, which is uncommon in typical internet-facing configurations.
🏢 Internal Only: LOW - RPL protocol is typically used in specialized IoT/industrial networks, not general internal corporate networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted RPL packets to vulnerable systems with RPL enabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel patches available through distribution updates (check specific vendor advisories)

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2196292

Restart Required: Yes

Instructions:

1. Check your Linux distribution's security advisories.
2. Apply kernel updates via package manager (yum update kernel / apt-get upgrade linux-image).
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable RPL protocol

Disable the RPL protocol if it is not needed. On Linux, either of the following commands (run as root) sets the same sysctl:

echo 0 > /proc/sys/net/ipv6/conf/all/rpl_seg_enabled
sysctl -w net.ipv6.conf.all.rpl_seg_enabled=0

🧯 If You Can't Patch

  • Disable RPL protocol using sysctl commands
  • Implement network filtering to block RPL protocol traffic (UDP port not standardized, typically uses IPv6 routing headers)

🔍 How to Verify

Check if Vulnerable:

Check if RPL is enabled: cat /proc/sys/net/ipv6/conf/all/rpl_seg_enabled (1 = enabled, 0 = disabled)

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update matches patched version from vendor advisory
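
An added example (not part of the original advisory) that extends the check above: the same sysctl also exists per interface under /proc/sys/net/ipv6/conf/<interface>/, so this script lists every entry whose rpl_seg_enabled value is non-zero. The function names and the RPL_CONF_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Audit rpl_seg_enabled for every entry under the IPv6 conf directory
# (all, default and each interface). Added example; names are hypothetical.

# Print "<entry>=<value>" for each conf entry whose rpl_seg_enabled is non-zero.
# $1: conf directory (defaults to the live /proc tree).
rpl_enabled_entries() {
    conf_dir=${1:-/proc/sys/net/ipv6/conf}
    for f in "$conf_dir"/*/rpl_seg_enabled; do
        # Skip when the glob did not match (sysctl absent) or is unreadable.
        [ -r "$f" ] || continue
        val=$(cat "$f" 2>/dev/null) || continue
        if [ "$val" != "0" ]; then
            entry=$(basename "$(dirname "$f")")
            printf '%s=%s\n' "$entry" "$val"
        fi
    done
    return 0
}

# Return 0 when no entry has rpl_seg_enabled set, 1 otherwise.
rpl_audit() {
    found=$(rpl_enabled_entries "$1")
    if [ -n "$found" ]; then
        printf 'rpl_seg_enabled is non-zero on:\n%s\n' "$found"
        return 1
    fi
    printf 'rpl_seg_enabled is 0 on every entry (or the sysctl is absent)\n'
    return 0
}

# Run against the live system unless RPL_CONF_DIR points elsewhere.
rpl_audit "${RPL_CONF_DIR:-/proc/sys/net/ipv6/conf}" || true
```

The exit status of rpl_audit makes it usable in a compliance check or cron job that alerts when any entry is re-enabled.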

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • System crash/reboot logs
  • RPL protocol error messages in kernel logs

Network Indicators:

  • Unusual RPL protocol traffic patterns
  • Malformed IPv6 routing header packets

SIEM Query:

source="kernel" AND ("panic" OR "RPL" OR "assertion failure")
