CVE-2023-53987NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp. After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"), we use RCU for ping sockets, but we should use spinlock for /proc/net/icmp to avoid a potential NULL deref mentioned in the previous patch. Let's go back to using spinlock there. Note we can convert ping sockets to use hlist instead of hlist_nulls because we do not use SLAB_TYPESAFE_BY_RCU for pin

Affected Packages4 packages

Linuxlinux/linux_kernel6.0.06.1.24+1
Debianlinux/linux_kernel< 6.1.25-1+2
CVEListV5linux/linuxdbca1596bbb08318f5e3b3b99f8ca0a0d3830a655a08a32e624908890aa0a2eb442bb6a7669891a8+4
debiandebian/linux< linux 6.1.25-1 (bookworm)

🔴Vulnerability Details

3
OSV
ping: Fix potentail NULL deref for /proc/net/icmp.2025-12-24
GHSA
GHSA-m6qc-r2rx-cm2q: In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp2025-12-24
OSV
CVE-2023-53987: In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of Service via NULL dereference in ping socket handling2025-12-24
Debian
CVE-2023-53987: linux - In the Linux kernel, the following vulnerability has been resolved: ping: Fix p...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-53987 Impact, Exploitability, and Mitigation Steps | Wiz