CVE-2023-6176

Summary

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:4.18.0-553.rt7.342.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.18.0-553.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-427.13.1.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-427.13.1.el9_4 < *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References