A flaw was found in the Linux kernel in netlink_dump. When the Netlink socket receives a message (sendmsg) of type XFRM_MSG_GETSA or XFRM_MSG_GETPOLICY and the DUMP flag is set, it enters the netlink_dump function for processing. When data is sent to the socket multiple times, sk->sk_rmem_alloc continues to accumulate, and eventually atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf is evaluated as true, skipping the initialization of netlink_callback->args. Reference: https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635
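The flow described above, modelled in user-space C as an added illustration (not the kernel's code and not part of this bug report): the receive-buffer check in netlink_dump runs before the dump callback, so a full queue leaves netlink_callback->args untouched and the done callback must tolerate a walk that was never started. The args[0] "started" flag, the guarded done callback and the simplified struct layouts are assumptions made for this model, not quoted from the referenced commit.

```c
#include <stdbool.h>

struct xfrm_walk { int initialized; int cursor; };   /* hypothetical walk state */
struct netlink_callback {
    long args[6];                    /* args[0]: walk started; args[1..]: walk */
    int (*dump)(struct netlink_callback *);
    int (*done)(struct netlink_callback *);
};
struct sock {
    int sk_rmem_alloc, sk_rcvbuf;    /* queued bytes vs. receive buffer limit */
    struct netlink_callback cb;
};
enum { DONE_CLEANED = 0, DONE_SKIPPED = 1, DONE_UNINIT = -1 };
/* dump callback: initialise the walk on first entry and record that in args[0] */
static int xfrm_dump_sa(struct netlink_callback *cb) {
    struct xfrm_walk *walk = (struct xfrm_walk *)&cb->args[1];
    if (!cb->args[0]) {
        walk->initialized = 1; walk->cursor = 0;
        cb->args[0] = 1;
    }
    return 0;                        /* nothing more to send */
}
/* unguarded done callback: tears down whatever sits in args[1..]; the kernel
 * would dereference the zeroed walk here, so this model reports it instead */
static int xfrm_dump_sa_done_unguarded(struct netlink_callback *cb) {
    struct xfrm_walk *walk = (struct xfrm_walk *)&cb->args[1];
    return walk->initialized ? DONE_CLEANED : DONE_UNINIT;
}
/* guarded done callback: only tear down a walk that dump actually started */
static int xfrm_dump_sa_done_guarded(struct netlink_callback *cb) {
    struct xfrm_walk *walk = (struct xfrm_walk *)&cb->args[1];
    if (!cb->args[0]) return DONE_SKIPPED;
    return walk->initialized ? DONE_CLEANED : DONE_UNINIT;
}
/* netlink_dump() model: the receive-buffer check precedes cb->dump, so a full
 * queue returns before the walk is ever initialised */
static int netlink_dump(struct sock *sk) {
    if (sk->sk_rmem_alloc >= sk->sk_rcvbuf)
        return -1;                   /* cb->dump never runs; args stay zero */
    return sk->cb.dump(&sk->cb);
}
/* Verdict of the done callback for a socket with `queued` bytes outstanding
 * against a `rcvbuf` limit; args start zeroed as netlink_dump_start does */
int simulate(int queued, int rcvbuf, bool guarded) {
    struct sock sk = { queued, rcvbuf, { {0}, xfrm_dump_sa,
        guarded ? xfrm_dump_sa_done_guarded : xfrm_dump_sa_done_unguarded } };
    netlink_dump(&sk);
    return sk.cb.done(&sk.cb);
}
```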
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2222176]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-3106
This was fixed for Fedora with 4.8 kernel updates in 2016.