CVE-2023-6622 — MEDIUM (5.5)

Q: How severe is CVE-2023-6622?

CVE-2023-6622 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-6622?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Linux Linux Kernel, Redhat Enterprise Linux.

Vulnerability Description

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	38
Linux	Linux Kernel	>= 5.11, <= 6.6
Redhat	Enterprise Linux	8.0

Related Weaknesses (CWE)

CWE-476

References

https://access.redhat.com/errata/RHSA-2024:2394Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2950Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3138Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6622Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253632Issue TrackingPatch
https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bePatch
https://access.redhat.com/errata/RHSA-2024:2394Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2950Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3138Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6622Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253632Issue TrackingPatch
https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bePatch
https://lists.fedoraproject.org/archives/list/[email protected]Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Third Party Advisory

FAQ

What is CVE-2023-6622?

CVE-2023-6622 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user pr...

How severe is CVE-2023-6622?

CVE-2023-6622 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6622?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Linux Linux Kernel, Redhat Enterprise Linux.