Back to bug 2221501
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Alex | 2023-07-09 14:55:38 UTC | CC | security-response-team | |
| Alex | 2023-07-09 15:00:46 UTC | Depends On | 2221503, 2221502 | |
| RaTasha Tillery-Smith | 2023-07-10 13:28:30 UTC | Doc Text | A null pointer dereference vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. It can happen when the Netlink socket receives the message(sendmsg), for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message and the DUMP flag is set. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. | A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. |
| Alex | 2023-07-12 07:02:12 UTC | Comment | 0 | updated |
| Alex | 2023-07-12 07:02:29 UTC | Doc Type | --- | If docs needed, set a value |
| Alex | 2023-07-12 07:03:32 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2023-3106 kernel: Netlink socket crash (null pointer deref) in netlink_dump function | CVE-2023-3106 kernel: Netlink socket crash (null pointer deref) in netlink_dump function | ||
| CC | ddepaula, dfreiber, jburrell, jferlan, kernel-mgr, rogbas, vkumar, ymankad | |||
| Alex | 2023-07-12 07:03:54 UTC | Depends On | 2222176 | |
| Alex | 2023-07-12 07:06:46 UTC | Fixed In Version | kernel 4.8-rc7 | |
| Product Security DevOps Team | 2023-07-12 11:39:41 UTC | Resolution | --- | WONTFIX |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-07-12 11:39:41 UTC |
Back to bug 2221501