7.8
CVE-2023-3106
- EPSS 0.01%
- Veröffentlicht 12.07.2023 09:15:14
- Zuletzt bearbeitet 21.11.2024 08:16:28
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Kernel: netlink socket crash (null pointer deref) in netlink_dump function
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.15 < 3.16.39
Linux ≫ Linux Kernel Version >= 3.17 < 4.4.223
Linux ≫ Linux Kernel Version >= 4.5 < 4.7.10
Linux ≫ Linux Kernel Version4.8 Updaterc1
Linux ≫ Linux Kernel Version4.8 Updaterc2
Linux ≫ Linux Kernel Version4.8 Updaterc3
Linux ≫ Linux Kernel Version4.8 Updaterc4
Linux ≫ Linux Kernel Version4.8 Updaterc5
Linux ≫ Linux Kernel Version4.8 Updaterc6
Fedoraproject ≫ Fedora Version38
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 6.6 | 1.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.