CVE-2023-3772

Summary

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:4.18.0-513.5.1.rt7.307.el8_9 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.18.0-513.5.1.el8_9 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support0:4.18.0-372.87.1.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:4.18.0-477.43.1.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-362.8.1.el9_3 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-362.8.1.el9_3 < *unaffected
Red HatRed Hat Virtualization 4 for Red Hat Enterprise Linux 80:4.18.0-372.87.1.el8_6 < *unaffected

Weaknesses

  • CWE-476: NULL Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

References