CVE-2023-3106

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue was found in the netlink dump function. This occurs when the Netlink socket receives a message of type XFRM MSG GETSA or XFRM MSG GETPOLICY with the DUMP flag set, potentially causing a denial of service or other unspecified impact. Although unlikely, privilege escalation cannot be fully ruled out due to the nature of the flaw. The vulnerability is related to the use of uninitialized variables in the xfrm state walk done() function in the net/xfrm/xfrm user.c module of the Linux kernel's XFRM subsystem. Exploitation may allow an attacker to impact data integrity, confidentiality, or availability, or potentially elevate privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.