← Back

CVE-2023-28466

nvd nist
Published: Mar 16, 2023Modified: May 5, 2025

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

Affected (11)

Linux
1 product
Linux Kernel
Netapp
5 products
H300s
H410c
H410s
H500s
H700s
Debian
1 product
Debian Linux
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 4.13 to 5.4.240
Linux Kernel
From 5.11 to 5.15.105
Linux Kernel
From 5.16 to 6.1.20
Linux Kernel
From 5.5 to 5.10.177
Linux Kernel
From 6.2 to 6.2.7
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
H300s
All versions
H410c
All versions
H410s
All versions
H500s
All versions
H700s
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (6)

Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.