CVE-2023-3106

A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-3106	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2221501	Issue Tracking Patch Third Party Advisory
https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc4::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc5::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc6::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-12 09:15

Updated : 2024-02-15 16:03

NVD link : CVE-2023-3106

Mitre link : CVE-2023-3106

CVE.ORG link : CVE-2023-3106

JSON object : View

Products Affected

fedoraproject

fedora

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2023-3106", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2023-07-12T09:15:14.550", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3106", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221501", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely."}], "lastModified": "2024-02-15T16:03:47.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C441EE1-EC9F-4D9D-95A4-3FD494363278", "versionEndExcluding": "3.16.39", "versionStartIncluding": "3.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C132AFE-2E0B-47FD-BBAB-B5D5E3AC6DD1", "versionEndExcluding": "4.4.223", "versionStartIncluding": "3.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6C1817C-C779-47B1-B9F7-A77838991F27", "versionEndExcluding": "4.7.10", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DCA12A5-2DA5-4357-9C9A-D57CA605BAB0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A2F7F5F-5684-4D0A-8AB9-22F739A4CA38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35868503-6ECC-47B7-A31E-1030CDBD9AC3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A6BD9A6-A3A8-4277-80ED-A169FD374D5A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22786B53-9B60-4708-9176-276DF0767E9B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AAE030D-F039-4E93-BFA5-74456E2FC4A5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}