CVE-2023-28466

CVSS v3.1 7 (High)

EPSS 0.04 % (5^th)

Affected Products 7

Advisories 63

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2023-03-16 00:15:11
(18 months ago)
Updated Date: 2023-11-09 13:57:20
(10 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Netapp

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.13 version and 5.4.240 and prior versions	cpe:2.3:o:linux:linux_kernel	>= 4.13	<= 5.4.240
Linux Kernel from 5.5 version and prior 5.10.177 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.177
Linux Kernel from 5.11 version and prior 5.15.105 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.105
Linux Kernel from 5.16 version and prior 6.1.20 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.20
Linux Kernel from 6.2 version and prior 6.2.7 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.2.7

Configuration #2

		CPE23	From	Up To
	Netapp H300s	cpe:2.3:h:netapp:h300s:-
	Netapp H410c	cpe:2.3:h:netapp:h410c:-
	Netapp H410s	cpe:2.3:h:netapp:h410s:-
	Netapp H500s	cpe:2.3:h:netapp:h500s:-
	Netapp H700s	cpe:2.3:h:netapp:h700s:-

Configuration #3

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0