Lucene search

K
cvelistRedhatCVELIST:CVE-2023-2166
HistoryApr 19, 2023 - 12:00 a.m.

CVE-2023-2166

2023-04-1900:00:00
CWE-476
redhat
www.cve.org
1
linux
null pointer dereference
can protocol
net/can/af_can.c
ml_priv
receive path
local user
crash
denial of service

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Linux",
    "versions": [
      {
        "version": "Linux Kernel version prior to Kernel 6.1 RC9",
        "status": "affected"
      }
    ]
  }
]

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%