CVE-2023-54161 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference6 documents5 sources

Severity

5.5LOW

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Msrc Azl3 Kernel 6.6.117.1-1 ON Azure Linux 3.0

Timeline

PublishedDec 24

Description

kernel: Linux kernel: Denial of Service via use-after-free in unix_stream_sendpage() A flaw was found in the Linux kernel. A local user could exploit a race condition in the `unix_stream_sendpage()` function, which handles sending data over Unix domain sockets. This race condition occurs during the garbage collection of socket file descriptors, leading to a use-after-free vulnerability. Successful exploitation of this flaw can result in a system crash, causing a Denial of Service (DoS). Packag…

Affected Packages2 packages

▶Linuxlinux/linux_kernel4.2.0 — 5.15.128

▶msrcmsrc/azl3_kernel_6.6.117.1-1_on_azure_linux_3.0

🔴Vulnerability Details

OSV

CVE-2023-54161: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix null-ptr-deref in unix_stream_sendpage()↗2025-12-24

▶

OSV

af_unix: Fix null-ptr-deref in unix_stream_sendpage().↗2025-12-24

▶

GHSA

GHSA-7j7j-rcvh-xpm2: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix null-ptr-deref in unix_stream_sendpage()↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Denial of Service via use-after-free in unix_stream_sendpage()↗2025-12-24

▶

Microsoft

af_unix: Fix null-ptr-deref in unix_stream_sendpage().↗2025-12-09

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54161 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶