PT-2023-3972 · Linux+9 · Linux Kernel+9

Lin Ma

·

Published

2023-07-21

·

Updated

2025-12-01

·

CVE-2023-3772

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description A flaw exists in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP NET ADMIN privileges to directly dereference a NULL pointer in the xfrm update ae params() function, potentially leading to a kernel crash and denial of service. The vulnerability resides in the net/xfrm/xfrm user.c module.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2023:7077
ALT-PU-2023-5044
AZL-33497
BDU:2023-04268
CESA-2023_6901
CESA-2023_7077
CVE-2023-3772
DLA-3623-1
DLA-3710-1
DSA-5492-1
MGASA-2023-0328
MGASA-2023-0331
OESA-2023-1509
OESA-2023-1510
OESA-2023-1511
OESA-2023-1512
OESA-2023-1513
OPENSUSE-SU-2023_3599-1
OPENSUSE-SU-2023_3599-2
OPENSUSE-SU-2023_3600-1
OPENSUSE-SU-2023_3600-2
OPENSUSE-SU-2023_3656-1
OPENSUSE-SU-2023_3680-1
OPENSUSE-SU-2023_3682-1
OPENSUSE-SU-2023_3683-1
OPENSUSE-SU-2023_3683-2
OPENSUSE-SU-2023_3684-1
OPENSUSE-SU-2023_3704-1
OPENSUSE-SU-2023_3704-2
OPENSUSE-SU-2023_3964-1
OPENSUSE-SU-2023_3969-1
OPENSUSE-SU-2023_3971-1
OPENSUSE-SU-2023_3988-1
RHSA-2023:6583
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0412
RHSA-2024:0575
ROSA-SA-2023-2241
SUSE-SU-2023:3599-1
SUSE-SU-2023:3599-2
SUSE-SU-2023:3600-1
SUSE-SU-2023:3600-2
SUSE-SU-2023:3601-1
SUSE-SU-2023:3656-1
SUSE-SU-2023:3680-1
SUSE-SU-2023:3681-1
SUSE-SU-2023:3682-1
SUSE-SU-2023:3684-1
SUSE-SU-2023:3687-1
SUSE-SU-2023:3705-1
SUSE-SU-2023:3785-1
SUSE-SU-2023:3964-1
SUSE-SU-2023:3969-1
SUSE-SU-2023:3971-1
SUSE-SU-2023:3988-1
SUSE-SU-2023:4028-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03613-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03626-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4315-1
USN-6415-1
USN-6439-1
USN-6439-2
USN-6440-1
USN-6440-2
USN-6440-3
USN-6462-1
USN-6462-2
USN-6464-1
USN-6465-1
USN-6465-2
USN-6465-3
USN-6466-1
USN-6516-1
USN-6520-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu