PT-2022-6410 · Linux+7 · Linux Kernel+7

Mingi Cho

·

Published

2022-08-09

·

Updated

2024-02-27

·

CVE-2023-1095

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the nf tables updtable function in the Linux kernel's netfilter tables API, which can lead to a NULL pointer dereference. This occurs when nf tables table enable returns an error, and nft trans destroy is called to free the transaction object. The nft trans destroy function calls list del, but since the transaction was never added to a list, the list head is all zeroes, resulting in the NULL pointer dereference. Exploitation of this issue could allow an attacker to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2022-2922
ALT-PU-2022-2925
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-13822
BDU:2023-01207
CESA-2023_2736
CESA-2023_2951
CVE-2023-1095
OESA-2023-1181
OESA-2023-1182
OESA-2023-1381
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022_7933
RHSA-2022_8267
RHSA-2023:2736
RHSA-2023:2951
RHSA-2023:5627
RHSA-2023:5628
RHSA-2023:6813
RHSA-2023_2736
RHSA-2023_2951
SUSE-SU-2023:0779-1
SUSE-SU-2023:1608-1
SUSE-SU-2023:1609-1
SUSE-SU-2023:1710-1
SUSE-SU-2023:1800-1
SUSE-SU-2023:1801-1
SUSE-SU-2023:1803-1
SUSE-SU-2023:1811-1
SUSE-SU-2023:1848-1
SUSE-SU-2023:1894-1
SUSE-SU-2023:2232-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6001-1
USN-6013-1
USN-6014-1
USN-6031-1

Affected Products

Alt Linux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu