7.8

CVE-2023-3106

EPSS 0.01%
Published 12.07.2023 09:15:14
Last modified 21.11.2024 08:16:28
Source secalert@redhat.com
Teams watchlist Login
Open Login

A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.15 < 3.16.39

Linux ≫ Linux Kernel Version >= 3.17 < 4.4.223

Linux ≫ Linux Kernel Version >= 4.5 < 4.7.10

Linux ≫ Linux Kernel Version4.8 Updaterc1

Linux ≫ Linux Kernel Version4.8 Updaterc2

Linux ≫ Linux Kernel Version4.8 Updaterc3

Linux ≫ Linux Kernel Version4.8 Updaterc4

Linux ≫ Linux Kernel Version4.8 Updaterc5

Linux ≫ Linux Kernel Version4.8 Updaterc6

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	6.6	1.8	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/security/cve/CVE-2023-3106

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2221501

Patch

Third Party Advisory

Issue Tracking

https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-3106

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3106

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3106

EUVD