CVE-2023-6622: Kernel: null pointer dereference vulnerability in nft_dynset_init()
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
Other sources
In nft_dynset_init(), dynset_expr->ops is checked against set->exprs[i]->ops at (0) and set->exprs[i] may be NULL here. If set->num_exprs == 1, which means set->exprs[1] is NULL, and i == 1, the check at (1) will be passed and set->exprs[1] will be accessed, causing a kernel crash.
Refer: https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the nft_dynset_init() function in net/netfilter/nft_dynset.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
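The index problem in the Red Hat description above, reduced to a user-space model. This is an added example, not the kernel's code or the upstream patch; `set_model`, `match_exprs`, `run_case`, the slot count and the returned error codes are assumptions of the model, and the sample data is constructed.

```c
#include <errno.h>
#include <stddef.h>

#define SET_EXPR_MAX 2   /* slots per set in this model (assumed value) */

struct expr_ops { const char *name; };
struct expr { const struct expr_ops *ops; };
struct set_model {                      /* hypothetical stand-in for the set */
    struct expr *exprs[SET_EXPR_MAX];   /* slots >= num_exprs stay NULL */
    unsigned int num_exprs;
};

/* Compare n requested expressions against the set's slots.
 * guarded == 0: slot i is read for every i, as in the description; the
 *               model returns -EFAULT where the kernel would read NULL.
 * guarded != 0: i is bounded by num_exprs before the slot is touched. */
int match_exprs(const struct set_model *set, struct expr *const *req,
                unsigned int n, int guarded)
{
    for (unsigned int i = 0; i < n && i < SET_EXPR_MAX; i++) {
        if (!set->num_exprs)
            continue;                   /* set has no expressions to match */
        if (guarded && i >= set->num_exprs)
            return -EINVAL;             /* more expressions than the set has */
        if (set->exprs[i] == NULL)
            return -EFAULT;             /* NULL slot: crash point in the kernel */
        if (req[i]->ops != set->exprs[i]->ops)
            return -EOPNOTSUPP;         /* expression type mismatch */
    }
    return 0;
}

/* Constructed sample: a set holding set_n expressions, a request with req_n. */
int run_case(unsigned int set_n, unsigned int req_n, int guarded)
{
    static const struct expr_ops counter = { "counter" };
    struct expr e0 = { &counter }, e1 = { &counter };
    struct expr *pool[SET_EXPR_MAX] = { &e0, &e1 };
    struct set_model set = { { NULL, NULL }, set_n };

    for (unsigned int i = 0; i < set_n && i < SET_EXPR_MAX; i++)
        set.exprs[i] = pool[i];
    return match_exprs(&set, pool, req_n, guarded);
}
```

With `num_exprs == 1` and two requested expressions, the unguarded walk reaches the NULL slot at `i == 1`, while the guarded walk rejects the request before reading it.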
Remediation
Patch Available
Frequently Asked Questions
What is CVE-2023-6622?
CVE-2023-6622 is a null pointer dereference vulnerability in nft_dynset_init() in nf_tables in the Linux kernel.
How severe is CVE-2023-6622?
CVE-2023-6622 has a severity rating of medium, with a CVSS score of 5.5.
How does CVE-2023-6622 impact the system?
CVE-2023-6622 can allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
What is the fix for CVE-2023-6622?
To fix CVE-2023-6622, apply the patch provided by the Linux kernel developers.
Where can I find more information about CVE-2023-6622?
You can find more information about CVE-2023-6622 at the following references: [Red Hat Security Advisory](https://access.redhat.com/security/cve/CVE-2023-6622), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2253632), [Linux Kernel Commit](https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea).