CVE-2023-0881
Published: 31 March 2025
Description
Adversaries may attempt to cause a denial of service (DoS) by directly sending a high-volume of network traffic to a target.
Security Summary
CVE-2023-0881 is a denial-of-service vulnerability in the linux-bluefield kernel package, where running a DDoS attack on TCP port 22 triggers a kernel crash. The issue stems from an incomplete backport of a commit related to nft_lookup, lacking subsequent fixes that address the problem. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-20 (Improper Input Validation) and CWE-1333 (Inefficient Complicated Loop).
Any unauthenticated attacker with network access can exploit this vulnerability by launching a DDoS attack targeting TCP port 22, causing a complete kernel crash and disrupting system availability without requiring privileges or user interaction.
The Ubuntu Launchpad bug report for linux-bluefield (https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2006397) details the resolution, which involves applying the missing commits from the original nft_lookup fixes to the linux-bluefield package, effectively patching the vulnerability.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability directly enables direct network flood (DDoS on TCP 22) to trigger kernel crash and system DoS.