CVE-2023-5972 — NULL Pointer Dereference in Kernel
Severity
7.8HIGHNVD
CNA7.0OSV4.9
EPSS
0.0%
top 97.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 23
Latest updateFeb 23
Description
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Also affects: Fedora 39
Patches
🔴Vulnerability Details
5OSV▶
linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities↗2024-02-07
CVEList▶
Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c↗2023-11-23
📋Vendor Advisories
5Microsoft▶
Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c↗2023-11-14
Red Hat▶
kernel: The NFTA_INNER_NUM and NFTA_EXPR_NAME netlink attributes accessed without checking its presence in nft_inner.c↗2023-10-12
Debian▶
CVE-2023-5972: linux - A null pointer dereference flaw was found in the nft_inner.c functionality of ne...↗2023
💬Community
1Bugzilla▶
CVE-2023-5972 kernel: The NFTA_INNER_NUM and NFTA_EXPR_NAME netlink attributes accessed without checking its presence in nft_inner.c↗2023-11-06