CVE-2023-3106

CVSS v3.1 7.8 (High)
EPSS 0.04 % (5th)

A NULL pointer dereference vulnerability was found in netlink_dump. The issue can occur when a Netlink socket receives a message (via sendmsg) of type XFRM_MSG_GETSA or XFRM_MSG_GETPOLICY with the DUMP flag set, and it can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.

Weaknesses: CWE-476 (NULL Pointer Dereference)
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-07-12 09:15:14
Updated Date: 2024-02-15 16:03:47

Affected Products


Configuration #1

  Product               CPE23                                 From      Up To
  Linux Kernel          cpe:2.3:o:linux:linux_kernel          >= 3.15   < 3.16.39
  Linux Kernel          cpe:2.3:o:linux:linux_kernel          >= 3.17   < 4.4.223
  Linux Kernel          cpe:2.3:o:linux:linux_kernel          >= 4.5    < 4.7.10
  Linux Kernel 4.8 rc1  cpe:2.3:o:linux:linux_kernel:4.8:rc1
  Linux Kernel 4.8 rc2  cpe:2.3:o:linux:linux_kernel:4.8:rc2
  Linux Kernel 4.8 rc3  cpe:2.3:o:linux:linux_kernel:4.8:rc3
  Linux Kernel 4.8 rc4  cpe:2.3:o:linux:linux_kernel:4.8:rc4
  Linux Kernel 4.8 rc5  cpe:2.3:o:linux:linux_kernel:4.8:rc5
  Linux Kernel 4.8 rc6  cpe:2.3:o:linux:linux_kernel:4.8:rc6

Configuration #2

  Product                   CPE23                              From      Up To
  Fedoraproject Fedora 38   cpe:2.3:o:fedoraproject:fedora:38