Vulnerability Description
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.15, < 3.16.39 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2023-3106Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2221501Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb563Patch
- https://access.redhat.com/security/cve/CVE-2023-3106Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2221501Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb563Patch
FAQ
What is CVE-2023-3106?
CVE-2023-3106 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, ...
How severe is CVE-2023-3106?
CVE-2023-3106 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3106?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora.