CVE-2023-54082: NULL Pointer Dereference in Kernel

Severity
5.5 MEDIUM
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix null-ptr-deref in unix_stream_sendpage(). Bing-Jhong Billy Jheng reported null-ptr-deref in unix_stream_sendpage() with detailed analysis and a nice repro. unix_stream_sendpage() tries to add data to the last skb in the peer's recv queue without locking the queue. If the peer's FD is passed to another socket and the socket's FD is passed to the peer, there

Affected Packages: 3 packages

Vulnerability Details (3)

OSV
af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (2025-12-24)
GHSA
GHSA-ggff-5vp9-rcr3: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix null-ptr-deref in unix_stream_sendpage() (2025-12-24)
OSV
CVE-2023-54082: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix null-ptr-deref in unix_stream_sendpage() (2025-12-24)

Vendor Advisories (2)

Red Hat
kernel: Kernel: Denial of Service due to use-after-free in unix_stream_sendpage() (2025-12-24)
Microsoft
af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (2025-12-09)

Threat Intelligence (1)

Wiz
CVE-2023-54082 Impact, Exploitability, and Mitigation Steps | Wiz