7.8

CVE-2023-5972

Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.2.1 <= 6.5.10
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
LinuxLinux Kernel Version6.2 Updaterc5
LinuxLinux Kernel Version6.2 Updaterc6
LinuxLinux Kernel Version6.2 Updaterc7
LinuxLinux Kernel Version6.2 Updaterc8
LinuxLinux Kernel Version6.2.0 Updaterc1
LinuxLinux Kernel Version6.2.0 Updaterc2
LinuxLinux Kernel Version6.2.0 Updaterc3
LinuxLinux Kernel Version6.2.0 Updaterc4
LinuxLinux Kernel Version6.2.0 Updaterc5
LinuxLinux Kernel Version6.2.0 Updaterc6
LinuxLinux Kernel Version6.6 Updaterc1
LinuxLinux Kernel Version6.6 Updaterc2
LinuxLinux Kernel Version6.6 Updaterc3
LinuxLinux Kernel Version6.6 Updaterc4
LinuxLinux Kernel Version6.6 Updaterc5
LinuxLinux Kernel Version6.6 Updaterc6
FedoraprojectFedora Version39
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.191
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/security/cve/CVE-2023-5972
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248189
Patch
Issue Tracking
https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7
Patch
https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80
Patch