CVE-2023-53198: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 97.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

raw: Fix NULL deref in raw_get_next().

Dae R. Jeong reported a NULL deref in raw_get_next() [0].

It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another netns.

  unshare(0x40060200)
  r0 = syz_open_procfs(0x0, &(0x7f0000002080)='net/raw\x00')
  socket$inet_icmp_raw(0x2, 0x3, 0x1)
  pread64(r0, &(0x7f0000000000)=""/10, 0xa, 0x10000000007f)

After com

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 5.18.18 – 5.19 | +3
Debian | linux/linux_kernel | < 6.1.25-1 | +2
CVEListV5 | linux/linux | 0daf07e527095e64ee8927ce297ab626643e9f51 – b34056bedf04d08ef24f713a7f93bad1274a838d | +5
debian | debian/linux | < linux 6.1.25-1 (bookworm)

Vulnerability Details (2)

GHSA: GHSA-hmqp-vg4p-vwv9: In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in raw_get_next() (2025-09-15)
OSV: CVE-2023-53198: In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in raw_get_next() (2025-09-15)

Vendor Advisories (2)

Red Hat: kernel: raw: Fix NULL deref in raw_get_next() (2025-09-15)
Debian: CVE-2023-53198: linux - In the Linux kernel, the following vulnerability has been resolved: raw: Fix NU... (2023)