CVE-2023-28466

Опубликовано: 16 мар. 2023

Источник: debian

EPSS Низкий

Описание

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
linux	fixed	6.1.20-1		package
linux	fixed	5.10.178-1	bullseye	package
linux	ignored		buster	package

Примечания

https://git.kernel.org/linus/49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962

EPSS

Процентиль: 5%

0.00021

Низкий

Связанные уязвимости

CVE-2023-28466

CVSS3: 7

ubuntu

почти 3 года назад

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

CVE-2023-28466

CVSS3: 7

redhat

почти 3 года назад

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

CVE-2023-28466

CVSS3: 7

nvd

почти 3 года назад

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

CVE-2023-28466

CVSS3: 7

msrc

почти 3 года назад

Описание отсутствует

RLSA-2023:3847

rocky

больше 2 лет назад

Moderate: kernel security, bug fix, and enhancement update

EPSS

Процентиль: 5%

0.00021

Низкий