CVE-2023-54206

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc4+

Description The Linux kernel contained a flaw in the networking scheduler's flower component related to filter IDR initialization. A commit moved the IDR initialization too early, potentially allowing concurrent access to a filter that was still being initialized, leading to an inconsistent state and a possible NULL pointer dereference. This issue could result in a general protection fault, as indicated by KASAN reports. The vulnerability occurs during the dumping of keys, specifically within the fl dump key function.

Recommendations Update to a version newer than 6.3.0-rc4+ to address this issue.