CVE-2023-0394NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference59 documents10 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV5.9OSV4.7
EPSS
0.0%
top 93.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Linux KernelDebian LinuxPaloalto Pan-os+7 more
Timeline
PublishedJan 26
Latest updateFeb 14

Description

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

NVDlinux/linux_kernel< 6.2+1
Debianlinux/linux_kernel< 5.10.162-1+3
Ubuntulinux/linux_kernel< 4.15.0-208.220+3
CVEListV5linux/linux_kernelLinux kernel prior to Kernel 6.2 RC4
debiandebian/linux< linux 6.1.7-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

26
OSV
linux-intel-iotg-5.15 vulnerabilities2023-06-01
OSV
linux-gcp, linux-hwe-5.19 vulnerabilities2023-05-22
OSV
linux, linux-aws, linux-azure, linux-azure-5.19, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities2023-05-16
OSV
linux-intel-iotg vulnerabilities2023-05-05
OSV
linux-hwe-5.15 vulnerabilities2023-04-25

📋Vendor Advisories

31
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
CISA ICS
Siemens SIMATIC S7-1500 TM MFP BIOS2023-06-15
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-06-01
Ubuntu
Linux kernel vulnerabilities2023-05-22
Ubuntu
Linux kernel vulnerabilities2023-05-18

📄Research Papers

1
arXiv
When eBPF Meets Machine Learning: On-the-fly OS Kernel Compartmentalization2024-01-11