CVE-2023-53147NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: add NULL check in xfrm_update_ae_params Normally, x->replay_esn and x->preplay_esn should be allocated at xfrm_alloc_replay_state_esn(...) in xfrm_state_construct(...), hence the xfrm_update_ae_params(...) is okay to update them. However, the current implementation of xfrm_new_ae(...) allows a malicious user to directly dereference a NULL pointer and crash the kernel like below. BUG: kernel NULL pointer dereference, add

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel2.6.394.14.324+7
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linuxd8647b79c3b7e223ac051439d165bc8e7bbb832fed1cba039309c80b49719fcff3e3d7cdddb73d96+8
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-x33g-396q-pw6p: In the Linux kernel, the following vulnerability has been resolved: xfrm: add NULL check in xfrm_update_ae_params Normally, x->replay_esn and x->pre2025-09-15
OSV
CVE-2023-53147: In the Linux kernel, the following vulnerability has been resolved: xfrm: add NULL check in xfrm_update_ae_params Normally, x->replay_esn and x->prepl2025-09-15

📋Vendor Advisories

2
Red Hat
kernel: xfrm: add NULL check in xfrm_update_ae_params2025-09-15
Debian
CVE-2023-53147: linux - In the Linux kernel, the following vulnerability has been resolved: xfrm: add N...2023
CVE-2023-53147 — NULL Pointer Dereference in Linux | cvebase