CVE-2023-3106

Kernel: netlink socket crash (null pointer deref) in netlink_dump function

Published: 7/12/2023 Last updated: 11/20/2025 Reserved: 6/5/2023

A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.6	Medium	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (8)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	< 76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3
Red Hat Enterprise Linux 7	Red Hat	< f737418b6de31c962c7192777ee4018906975383
Red Hat Enterprise Linux 8	Red Hat	< 362a90cecd36e8a5c415966d0b75b04a0270e4dd
Red Hat Enterprise Linux 9	Red Hat	< 3bc6317033f365ce578eb6039445fb66162722fd
Red Hat Enterprise Linux 6	Red Hat	<= *
Red Hat Enterprise Linux 7	Red Hat	< cf9291a3449b04688b81e32621e88de8f4314b54
Red Hat Enterprise Linux 9	Red Hat	< 836e625b03a666cf93ff5be328c8cb30336db872
Red Hat Enterprise Linux 8	Red Hat	< eb59cc31b6ea076021d14b04e7faab1636b87d0e

CVE-2023-3106

Kernel: netlink socket crash (null pointer deref) in netlink_dump function

Metrics

Opam packages affected (29)

Products affected (8)

References (12)