Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-28327
HistoryApr 19, 2023 - 12:00 a.m.

CVE-2023-28327

2023-04-1900:00:00
ubuntu.com
ubuntu.com
20
cve-2023-28327
null pointer dereference
unix protocol
net/unix/diag.c
linux kernel
local user
denial of service
bugzilla
red hat

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%

A NULL pointer dereference flaw was found in the UNIX protocol in
net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly
allocated skb does not have sk, leading to a NULL pointer. This flaw allows
a local user to crash or potentially cause a denial of service.

Bugs

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%