Lucene search

K

MITRECVE-2023-3772

HistoryJul 25, 2023 - 3:47 p.m.

CVE-2023-3772

2023-07-2515:47:40

MITRE

web.nvd.nist.gov

261

linux

kernel

ip framework

xfrm subsystem

cve-2023-3772

nvd

security vulnerability

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

References

www.openwall.com/lists/oss-security/2023/08/10/1

www.openwall.com/lists/oss-security/2023/08/10/3

access.redhat.com/errata/RHSA-2023:6583

access.redhat.com/errata/RHSA-2023:6901

access.redhat.com/errata/RHSA-2023:7077

access.redhat.com/errata/RHSA-2024:0412

access.redhat.com/errata/RHSA-2024:0575

access.redhat.com/security/cve/CVE-2023-3772

bugzilla.redhat.com/show_bug.cgi?id=2218943

lists.debian.org/debian-lts-announce/2023/10/msg00027.html

lists.debian.org/debian-lts-announce/2024/01/msg00004.html

www.debian.org/security/2023/dsa-5492

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

Related for CVE-2023-3772

cvelist1 ubuntucve1 prion1 redhatcve1 debiancve1 nessus67 osv19 ubuntu15 openvas55 amazon3 photon3 rosalinux1 virtuozzo2 ibm6 oraclelinux3 mageia2 debian3 redhat9 almalinux1 redos1 slackware1 ics1