CVE-2023-2166NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.111.1-1 ON CBL Mariner 2.0+5 more
Timeline
PublishedApr 19
Latest updateApr 20

Description

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

debiandebian/linux< linux 6.1.4-1 (bookworm)
NVDlinux/linux_kernel< 6.1+1
Debianlinux/linux_kernel< 5.10.162-1+3
CVEListV5linux/linux_kernelLinux Kernel version prior to Kernel 6.1 RC9

🔴Vulnerability Details

2
GHSA
GHSA-f7h3-2rcm-qw98: A null pointer dereference issue was found in can protocol in net/can/af_can2023-04-20
OSV
CVE-2023-2166: A null pointer dereference issue was found in can protocol in net/can/af_can2023-04-19

📋Vendor Advisories

3
Microsoft
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this 2023-04-11
Debian
CVE-2023-2166: linux - A null pointer dereference issue was found in can protocol in net/can/af_can.c i...2023
Red Hat
kernel: NULL pointer dereference in can_rcv_filter2022-12-06

💬Community

1
Bugzilla
CVE-2023-2166 kernel: NULL pointer dereference in can_rcv_filter2023-04-18
CVE-2023-2166 — NULL Pointer Dereference in Kernel | cvebase