CVE-2023-28466

kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference

Severity Score

7.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVD
RedHat

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

A use-after-free flaw was found in the do_tls_getsockopt function in net/tls/tls_main.c in the Transport Layer Security (TLS) in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition.

*Credits: N/A

CVSS Scores

NISTv3.1 7.0

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-03-15 CVE Reserved
2023-03-15 CVE Published
2023-05-03 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free
CWE-476: NULL Pointer Dereference

CAPEC

References (5)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html	Mailing List
https://security.netapp.com/advisory/ntap-20230427-0006	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962	2023-11-09

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-28466	2023-08-29
https://bugzilla.redhat.com/show_bug.cgi?id=2179000	2023-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.13 <= 5.4.240 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 <= 5.4.240"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.177 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.177"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.105 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.105"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.1.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.1.20"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.2.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.2.7"		-		Affected
Netapp Search vendor "Netapp"		H300s Search vendor "Netapp" for product "H300s"				-		-		Affected
Netapp Search vendor "Netapp"		H410c Search vendor "Netapp" for product "H410c"				-		-		Affected
Netapp Search vendor "Netapp"		H410s Search vendor "Netapp" for product "H410s"				-		-		Affected
Netapp Search vendor "Netapp"		H500s Search vendor "Netapp" for product "H500s"				-		-		Affected
Netapp Search vendor "Netapp"		H700s Search vendor "Netapp" for product "H700s"				-		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected