Lucene search

K
cve[email protected]CVE-2023-28327
HistoryApr 19, 2023 - 11:15 p.m.

CVE-2023-28327

2023-04-1923:15:07
CWE-476
web.nvd.nist.gov
72
2
cve-2023-28327
unix protocol
net
diag.c
linux kernel
null pointer
local user
denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.

Affected configurations

NVD
Node
linuxlinux_kernelRange<6.0
Node
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linuxMatch9.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Linux",
    "versions": [
      {
        "version": "Linux",
        "status": "affected"
      }
    ]
  }
]

Social References

More

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%