PT-2025-37562 · Linux+3 · Linux Kernel+3

Published 2023-11-07 · Updated 2026-04-20 · CVE-2023-53198

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A NULL dereference issue was identified and resolved in the Linux kernel's raw_get_next() function. This issue stemmed from parallel execution sequences potentially freeing a socket while another thread was iterating over it, leading to a general protection fault. The fix involves converting raw sockets to RCU and utilizing spinlocks for slow paths to prevent the NULL dereference. The code was modified to use hlist instead of hlist_nulls for SOCK_RAW, and sk_for_each_rcu() for fast paths and sk_for_each() with spinlock for /proc/net/raw.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2026-05938
CVE-2023-53198
RHSA-2023:6583
RHSA-2023_6583

Affected Products

Astra Linux
Linux Kernel
Red Hat
Red Os