CVE-2023-28466

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-28466
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

7.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20230427-0006/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

09 Nov 2023, 13:57

Type Values Removed Values Added
First Time Netapp h410c
Netapp h500s
Netapp h700s
Netapp h410s
Netapp h300s
CPE cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*		 cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

18 Aug 2023, 18:57

Type Values Removed Values Added
First Time Netapp baseboard Management Controller H410c
Netapp baseboard Management Controller H300s
Netapp baseboard Management Controller H410s
Debian
Netapp baseboard Management Controller H700s
Netapp baseboard Management Controller H500s
Debian debian Linux
Netapp
CPE cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20230427-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20230427-0006/ - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html - Mailing List, Third Party Advisory

03 May 2023, 01:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html -

27 Apr 2023, 15:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20230427-0006/ -

21 Mar 2023, 17:27

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-476
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 - Mailing List, Patch
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.0
First Time Linux
Linux linux Kernel

16 Mar 2023, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-03-16 00:15

Updated : 2023-12-10 14:48

NVD link : CVE-2023-28466

Mitre link : CVE-2023-28466

CVE.ORG link : CVE-2023-28466

JSON object : View

Products Affected

netapp

  • h410c
  • h410s
  • h500s
  • h700s
  • h300s

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-476

NULL Pointer Dereference