CVE-2023-2177: NULL Pointer Dereference in Kernel

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 98.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 20
Latest update: Feb 14

Description

A null pointer dereference issue was found in the SCTP network protocol in net/sctp/stream_sched.c in the Linux kernel. If the stream_in allocation fails, stream_out is freed but is subsequently accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (11 packages)

NVD: linux/linux_kernel, < 5.19 (+1)
Debian: linux/linux_kernel, < 5.10.136-1 (+3)
CVEListV5: linux/linux_kernel, Linux Kernel prior to Kernel 5.19 RC17
debian: debian/linux, < linux 5.18.16-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

OSV: CVE-2023-2177: A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched (2023-04-20)
GHSA: GHSA-jh37-vq2p-5j5h: A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched (2023-04-20)

📋 Vendor Advisories (4)

Palo Alto: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS (2024-02-14)
Microsoft: A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed stream_out is freed which would further be accesse (2023-04-11)
Debian: CVE-2023-2177: linux - A null pointer dereference issue was found in the sctp network protocol in net/s... (2023)
Red Hat: Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common (2022-07-25)

💬 Community (1)

Bugzilla: CVE-2023-2177 Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common (2023-04-19)