Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1382

Опубликовано: 18 нояб. 2022
Источник: redhat
CVSS3: 5.5

Описание

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.

Меры по смягчению последствий

This flaw can be mitigated by preventing the affected transparent inter-process communication (TIPC) protocol kernel module from loading during the boot time. Ensure the module is added into the blacklist file.

Refer: How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:690114.11.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:707714.11.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:041225.01.2024
Red Hat Enterprise Linux 8.8 Extended Update SupportkernelFixedRHSA-2024:140419.03.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:245809.05.2023
Red Hat Enterprise Linux 9kernel-rtFixedRHSA-2023:214809.05.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:245809.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2177371kernel: denial of service in tipc_conn_close

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1382

CVSS3: 4.7
ubuntu
около 2 лет назад

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.

nvd логотип

CVE-2023-1382

CVSS3: 4.7
nvd
около 2 лет назад

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.

msrc логотип

CVE-2023-1382

CVSS3: 4.7
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-1382

CVSS3: 4.7
debian
около 2 лет назад

A data race flaw was found in the Linux kernel, between where con is a ...

github логотип

GHSA-8683-hc58-cmgj

CVSS3: 4.7
github
около 2 лет назад

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.

5.5 Medium

CVSS3