A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.

🗓️ 30 Apr 2023 07:00:00Reported by MicrosoftType

Null pointer dereference in the Unix protocol of the linux kernel when a new skb lacks a socket, risking crash.

Reporter	Title	Published	Views	Family All 339
Tenable Nessus	Alibaba Cloud Linux 3 : 0079: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0079)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0136: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0136)	14 May 202500:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2023-2072)	7 Jun 202300:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2023-2124)	7 Jun 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-2272)	4 Jul 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-2296)	4 Jul 202300:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2023-0142)	9 Nov 202300:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2024-0017)	18 Apr 202400:00	–	nessus
Tenable Nessus	Photon OS 4.0: Linux PHSA-2021-4.0-0065	22 Jul 202100:00	–	nessus
Tenable Nessus	RHEL 9 : kernel-rt (RHSA-2023:5603)	10 Oct 202300:00	–	nessus

Vulners

Node

25 May 2023 07:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.15.5

EPSS0.00012

SSVC