Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-28466

Опубликовано: 15 мар. 2023
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

A use-after-free flaw was found in the do_tls_getsockopt function in net/tls/tls_main.c in the Transport Layer Security (TLS) in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition.

Меры по смягчению последствий

This flaw can be mitigated by preventing the affected Transport Layer Security (TLS) kernel module from loading during the boot time. Ensure the module is added into the blacklist file.

Refer: How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:381927.06.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:384727.06.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2023:478929.08.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:372321.06.2023
Red Hat Enterprise Linux 9kernel-rtFixedRHSA-2023:370821.06.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:372321.06.2023
Red Hat Enterprise Linux 9.0 Extended Update SupportkernelFixedRHSA-2023:480129.08.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2179000kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference

EPSS

Процентиль: 2%
0.00016
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-28466

CVSS3: 7
ubuntu
больше 2 лет назад

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

nvd логотип

CVE-2023-28466

CVSS3: 7
nvd
больше 2 лет назад

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

msrc логотип

CVE-2023-28466

CVSS3: 7
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-28466

CVSS3: 7
debian
больше 2 лет назад

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6. ...

rocky логотип

RLSA-2023:3847

rocky
почти 2 года назад

Moderate: kernel security, bug fix, and enhancement update

EPSS

Процентиль: 2%
0.00016
Низкий

7 High

CVSS3