Vulnerability Details : CVE-2023-3106
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
Vulnerability category: Memory CorruptionGain privilegeDenial of service
Products affected by CVE-2023-3106
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.8:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.8:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.8:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.8:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.8:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.8:rc4:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3106
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3106
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
6.6
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
1.8
|
4.7
|
Red Hat, Inc. |
CWE ids for CVE-2023-3106
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-3106
-
https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635
xfrm: fix crash in XFRM_MSG_GETSA netlink handler · torvalds/linux@1ba5bf9 · GitHubPatch
-
https://access.redhat.com/security/cve/CVE-2023-3106
CVE-2023-3106- Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2221501
2221501 – (CVE-2023-3106) CVE-2023-3106 kernel: Netlink socket crash (null pointer deref) in netlink_dump functionIssue Tracking;Patch;Third Party Advisory
Jump to