CVE-2023-6915

Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c

Published: 1/15/2024 Last updated: 11/6/2025 Reserved: 12/18/2023

A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.2	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (3)

Product	Vendor	Version
Red Hat Enterprise Linux 7	Red Hat	2.6.0
Red Hat Enterprise Linux 7	Red Hat	23.0
Red Hat Enterprise Linux 9	Red Hat	5.2.0

References (26)

Credits (2)

Red Hat would like to thank ZhengHan Wang (Hillstone Network) for reporting this issue.
Red Hat would like to thank ZhengHan Wang (Hillstone Network) for reporting this issue.