CVE-2023-2177

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 14

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-04-20 21:15:08
(17 months ago)
Updated Date: 2023-04-28 03:48:24
(16 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	Up To
Linux Kernel prior 5.19 version	cpe:2.3:o:linux:linux_kernel	< 5.19
Linux Kernel 5.19 Rc1	cpe:2.3:o:linux:linux_kernel:5.19:rc1
Linux Kernel 5.19 Rc2	cpe:2.3:o:linux:linux_kernel:5.19:rc2
Linux Kernel 5.19 Rc3	cpe:2.3:o:linux:linux_kernel:5.19:rc3
Linux Kernel 5.19 Rc4	cpe:2.3:o:linux:linux_kernel:5.19:rc4
Linux Kernel 5.19 Rc5	cpe:2.3:o:linux:linux_kernel:5.19:rc5
Linux Kernel 5.19 Rc6	cpe:2.3:o:linux:linux_kernel:5.19:rc6
Linux Kernel 5.19 Rc7	cpe:2.3:o:linux:linux_kernel:5.19:rc7
Linux Kernel 5.19 Rc8	cpe:2.3:o:linux:linux_kernel:5.19:rc8