CVE-2023-4459 | THREATINT

Description

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.

PUBLISHED Reserved 2023-08-21 | Published 2023-08-21 | Updated 2025-11-15 | Assigner redhat

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

NULL Pointer Dereference

Product status

Default status

affected

0:4.18.0-193.133.1.el8_2 (rpm) before *

unaffected

Default status

affected

0:4.18.0-193.133.1.rt13.184.el8_2 (rpm) before *

unaffected

Default status

affected

0:4.18.0-193.133.1.el8_2 (rpm) before *

unaffected

Default status

affected

0:4.18.0-193.133.1.el8_2 (rpm) before *

unaffected

Default status

affected

0:4.18.0-305.125.1.el8_4 (rpm) before *

unaffected

Default status

affected

0:4.18.0-305.125.1.rt7.201.el8_4 (rpm) before *

unaffected

Default status

affected

0:4.18.0-305.125.1.el8_4 (rpm) before *

unaffected

Default status

affected

0:4.18.0-305.125.1.el8_4 (rpm) before *

unaffected

Default status

affected

0:4.18.0-372.87.1.el8_6 (rpm) before *

unaffected

Default status

affected

0:5.14.0-70.93.2.el9_0 (rpm) before *

unaffected

Default status

affected

0:5.14.0-70.93.1.rt21.165.el9_0 (rpm) before *

unaffected

Default status

affected

0:4.18.0-372.87.1.el8_6 (rpm) before *

unaffected

Default status

unknown

Default status

unknown

Default status

unknown

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Timeline

2023-06-28:	Reported to Red Hat.
2022-05-14:	Made public.

References

access.redhat.com/errata/RHSA-2024:0412 (RHSA-2024:0412) vendor-advisory

access.redhat.com/errata/RHSA-2024:1250 (RHSA-2024:1250) vendor-advisory

access.redhat.com/errata/RHSA-2024:1306 (RHSA-2024:1306) vendor-advisory

access.redhat.com/errata/RHSA-2024:1367 (RHSA-2024:1367) vendor-advisory

access.redhat.com/errata/RHSA-2024:1382 (RHSA-2024:1382) vendor-advisory

access.redhat.com/errata/RHSA-2024:2006 (RHSA-2024:2006) vendor-advisory

access.redhat.com/errata/RHSA-2024:2008 (RHSA-2024:2008) vendor-advisory

access.redhat.com/security/cve/CVE-2023-4459 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2219268 (RHBZ#2219268) issue-tracking

github.com/...ommit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd

access.redhat.com/errata/RHSA-2024:0412 (RHSA-2024:0412) vendor-advisory

access.redhat.com/errata/RHSA-2024:1250 (RHSA-2024:1250) vendor-advisory

access.redhat.com/errata/RHSA-2024:1306 (RHSA-2024:1306) vendor-advisory

access.redhat.com/errata/RHSA-2024:1367 (RHSA-2024:1367) vendor-advisory

access.redhat.com/errata/RHSA-2024:1382 (RHSA-2024:1382) vendor-advisory

access.redhat.com/errata/RHSA-2024:2006 (RHSA-2024:2006) vendor-advisory

access.redhat.com/errata/RHSA-2024:2008 (RHSA-2024:2008) vendor-advisory

access.redhat.com/security/cve/CVE-2023-4459 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2219268 (RHBZ#2219268) issue-tracking

github.com/...ommit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd

cve.org (CVE-2023-4459)

nvd.nist.gov (CVE-2023-4459)

help @ threatint.eu