A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:58
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/ - |
29 Apr 2023, 03:08
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w@mail.gmail.com/ - Mailing List, Patch | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| CPE | cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* |
|
| CWE | CWE-476 |
20 Apr 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-19 23:15
Updated : 2025-02-05 16:15
NVD link : CVE-2023-2166
Mitre link : CVE-2023-2166
CVE.ORG link : CVE-2023-2166
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-476
NULL Pointer Dereference