PT-2024-14774 · Linux+5 · Linux Kernel+5

Xiao Liang

·

Published

2024-05-10

·

Updated

2025-09-29

·

CVE-2023-52889

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50
Description The vulnerability is related to a null pointer dereference in the apparmor component of the Linux kernel. This occurs when receiving ICMP packets with secmark set while an ICMP raw socket is being created. The SK CTX(sk)->label is updated in apparmor socket post create(), but the packet is delivered to the socket before that, causing the null pointer dereference. To mitigate this, the packet should be dropped if the label context is not set.
Recommendations For Linux kernel versions prior to 6.6.50, update to version 6.6.50 or later to resolve the vulnerability. If updating is not possible, consider disabling the apparmor component or restricting its use as a temporary workaround until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-11345
ALT-PU-2024-11524
ALT-PU-2024-11577
ALT-PU-2024-11855
ALT-PU-2024-11863
ALT-PU-2024-12232
ALT-PU-2024-12537
ALT-PU-2024-13121
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47804
AZL-47841
BDU:2025-01417
CVE-2023-52889
DLA-3912-1
DLA-4008-1
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2106
OESA-2024-2107
OESA-2024-2108
OESA-2024-2296
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7100-1
USN-7100-2
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu