CVE-2023-0394
MEDIUMLinux Kernel < 6.2 - Denial of Service via NULL Pointer Dereference in rawv6_push_pending_frames
Title source: llmDescription
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
References (4)
Core 4
Core References
Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230302-0005/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Scores
CVSS v3
5.5
EPSS
0.0102
EPSS Percentile
58.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (2)
linux/linux_kernel
6.2 rc1 (3 CPE variants)
linux/linux_kernel
< 6.2
Published
Jan 26, 2023
Tracked Since
Feb 18, 2026