Vulnerabilities > CVE-2023-3772 - NULL Pointer Dereference vulnerability in multiple products

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2023-07-25

Updated: 2024-01-30

Summary

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0 Redhat Enterprise Linux FOR Real Time 8.0 Redhat Enterprise Linux FOR Real Time FOR NFV 8.0	4
OS	Fedoraproject Fedoraproject Fedora -	1
OS	Linux Linux Linux Kernel -	1
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 12.0	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References