Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c
CVE-2023-5972

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Kernel; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 23 November 2023

Summary

A vulnerability exists in the nft_inner.c functionality of the netfilter component of the Linux kernel, where a null pointer dereference could potentially allow a local user to crash the system. This flaw presents a risk of privilege escalation, enabling users to execute unauthorized actions within the system, thereby compromising security and stability. It is crucial for system administrators to apply relevant patches and updates to mitigate this risk.

References

https://access.redhat.com/security/cve/CVE-2023-5972

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2248189

issue-trackingx_refsource_REDHAT

https://github.com/torvalds/linux/commit/505ce0630ad5d311...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Nov 6, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Xingyuan Mo (IceSword Lab) for reporting this issue.