Lucene search
RedhatCVELIST:CVE-2023-5972HistoryNov 23, 2023 - 5:21 p.m.
CVE-2023-5972 Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c
2023-11-2317:21:20
CWE-476
redhat
www.cve.org
6
cve-2023-5972
netlink attributes
privilege escalation
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0
Percentile
5.1%
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
CNA Affected
[
{
"product": "kernel",
"vendor": "n/a",
"defaultStatus": "affected"
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"product": "Fedora",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "kernel",
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2023-5972
2023-11-23 18:15:07
redhatcve
redhatcve
CVE-2023-5972
2023-11-23 15:51:23
debiancve
debiancve
CVE-2023-5972
2023-11-23 18:15:07
cve
cve
CVE-2023-5972
2023-11-23 18:15:07
osv
osv
cbl_mariner
cbl_mariner
prion
prion
Null pointer dereference
2023-11-23 18:15:00
ubuntucve
ubuntucve
CVE-2023-5972
2023-11-23 00:00:00
nessus
nessus
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6624-1)
2024-02-08 00:00:00
Ubuntu 23.10 : Linux kernel (Azure) vulnerabilities (USN-6652-1)
2024-02-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6624-1)
2024-02-08 00:00:00
Ubuntu: Security Advisory (USN-6652-1)
2024-02-26 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-02-07 00:00:00
Linux kernel (Azure) vulnerabilities
2024-02-23 00:00:00
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVELIST:CVE-2023-5972