CVE-2023-4459

Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup()

Published: 8/21/2023
Last updated: 11/15/2025
Reserved: 8/21/2023

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup() in drivers/net/vmxnet3/vmxnet3_drv.c, in the vmxnet3 networking sub-component of the Linux kernel. Because of a missing sanity check during cleanup, this issue may allow a local attacker with normal user privileges to cause a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
| --- | --- | --- | --- |
| 3.1 | 5.5 | Medium | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (37)

| Product | Vendor | Version |
| --- | --- | --- |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | n/a |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | n/a |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | < 5.1.32 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | < 6.1.7601.25829 |
| Red Hat Enterprise Linux 6 | Red Hat | < 6.2.9200.23584 |
| Red Hat Enterprise Linux 7 | Red Hat | n/a |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | all |
| Red Hat Enterprise Linux 8 | Red Hat | < 15474.84.0 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | < 1.4.1.691 ( 2023/03/01 ) |
| Red Hat Enterprise Linux 9 | Red Hat | < 6.3.9600.20246 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | < 10.0.14393.4825 |
| Red Hat Enterprise Linux 6 | Red Hat | < 5.2.6 |
| Red Hat Enterprise Linux 7 | Red Hat | < 3.5.17 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Red Hat | < 10.0.19043.1466 |
| Red Hat Enterprise Linux 8 | Red Hat | < 6.3.9600.20207 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | < 6.3.9600.20778 |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | < 10.0.14393.4825 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | < 750 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | <= 12.2.14 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | < 753 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | < 10.0.20348.643 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Red Hat | Android 10.0, 11.0 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | < 1.5.0.738 ( 2023/03/06 ) |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | all |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | before version 1.4.1.13 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | < 1.3.1.645 ( 2023/02/22 ) |
| Red Hat Enterprise Linux 8 | Red Hat | >= 4.0.0, < 4.0.13 |
| Red Hat Enterprise Linux 9 | Red Hat | < 10.0.20348.469 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | < 6.3.9600.20207 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | < 6.0.24 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | 3.1.0 p3 |
| Red Hat Enterprise Linux 7 | Red Hat | 12.2.1.2.0 |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |

References (40)