Lucene search
HistoryDec 08, 2023 - 6:15 p.m.
CVE-2023-6622
cve-2023-6622
null pointer dereference
nft_dynset_init
nf_tables
linux kernel
denial of service
local attacker privilege
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
Affected configurations
Node
linuxlinux_kernelRange≤6.6
ORlinuxlinux_kernelMatch6.7rc1
ORlinuxlinux_kernelMatch6.7rc2
ORlinuxlinux_kernelMatch6.7rc3
ORlinuxlinux_kernelMatch6.7rc4
Node
redhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | le | 6.6 |
| linux:linux_kernel | linux linux kernel | eq | 6.7 |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-553.rt7.342.el8_10",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.18.0-553.el8_10",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-427.13.1.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-427.13.1.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
}
]References
access.redhat.com/errata/RHSA-2024:2394
access.redhat.com/errata/RHSA-2024:2950
access.redhat.com/errata/RHSA-2024:3138
access.redhat.com/security/cve/CVE-2023-6622
bugzilla.redhat.com/show_bug.cgi?id=2253632
github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea
lists.fedoraproject.org/archives/list/[email protected]/message/AAOVK2F3ALGKYIQ5IOMAYEC2DGI7BWAW/
lists.fedoraproject.org/archives/list/[email protected]/message/G3AGDVE3KBLOOYBPISFDS74R4YAZEDAY/
Related
redhatcve
redhatcve
CVE-2023-6622
2023-12-08 12:58:01
fedora
fedora
[SECURITY] Fedora 38 Update: kernel-6.6.7-100.fc38
2023-12-22 01:31:00
[SECURITY] Fedora 39 Update: kernel-6.6.7-200.fc39
2023-12-21 04:03:35
ubuntucve
ubuntucve
CVE-2023-6622
2023-12-08 00:00:00
cnvd
cnvd
Linux kernel nft_dynset_init function denial of service vulnerability
2023-12-13 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2023-6622
2023-12-08 18:15:07
debiancve
debiancve
CVE-2023-6622
2023-12-08 18:15:07
nessus
nessus
Fedora 39 : kernel (2023-26ffe7d3c7)
2023-12-21 00:00:00
Fedora 38 : kernel (2023-dcee14345b)
2023-12-20 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-035)
2024-01-24 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-6622 affecting package kernel for versions less than 5.15.143.1-1
2024-01-19 03:54:24
prion
prion
Null pointer dereference
2023-12-08 18:15:00
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2023-26ffe7d3c7)
2023-12-22 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2023-dcee14345b)
2023-12-22 00:00:00
Debian: Security Advisory (DSA-5593-1)
2024-01-12 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-02-13 00:00:00
kernel security, bug fix, and enhancement update
2024-05-23 00:00:00
kernel security, bug fix, and enhancement update
2024-05-02 00:00:00
osv
osv
linux - security update
2024-01-01 00:00:00
debian
debian
[SECURITY] [DSA 5593-1] linux security update
2024-01-01 13:25:21
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-02-14 00:00:00
Linux kernel vulnerabilities
2024-02-07 00:00:00
Linux kernel (Azure) vulnerabilities
2024-02-15 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0187
2024-01-09 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2024:2950) Moderate: kernel-rt security and bug fix update
2024-05-22 06:35:10
(RHSA-2024:3138) Moderate: kernel security, bug fix, and enhancement update
2024-05-22 06:35:43
(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update
2024-04-30 06:15:35
rocky
rocky
kernel-rt security and bug fix update
2024-06-14 13:59:36
kernel security, bug fix, and enhancement update
2024-06-14 13:59:16
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2023-6622