CVE-2023-3772

CVSS v3.1 4.4 (Medium)

EPSS 0.04 % (5^th)

Affected Products 6

Advisories 45

NVD Status Modified

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
NVD Status: Modified
CNA: Red Hat, Inc.
Published Date: 2023-07-25 16:15:11
(13 months ago)
Updated Date: 2024-09-13 19:15:14
(2 days ago)

Affected Products

Redhat

Configuration #1

		CPE23	From	Up To
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0
	Redhat Enterprise Linux for Real Time 8.0	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0
	Redhat Enterprise Linux for Real Time For Nfv 8.0	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora	cpe:2.3:o:fedoraproject:fedora:-

Configuration #3

		CPE23	From	Up To
	Linux Kernel	cpe:2.3:o:linux:linux_kernel:-

Configuration #4

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Debian Linux 12.0	cpe:2.3:o:debian:debian_linux:12.0

Weaknesses

Affected Products

Debian

Fedoraproject

Linux

Redhat

Configuration #1

Configuration #2

Configuration #3

Configuration #4