CVE-2023-6176

Description

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://access.redhat.com/errata/RHSA-2024:2394
• https://errata.rockylinux.org/RLSA-2024:2950
• https://www.suse.com/security/cve/CVE-2023-6176.html
• https://security-tracker.debian.org/tracker/CVE-2023-6176
• https://access.redhat.com/errata/RHSA-2024:3138
• https://bugzilla.redhat.com/1731000
• https://bugzilla.redhat.com/1746732
• https://bugzilla.redhat.com/1888726
• https://bugzilla.redhat.com/1999589
• https://bugzilla.redhat.com/2039178
• https://bugzilla.redhat.com/2043520
• https://bugzilla.redhat.com/2044578
• https://bugzilla.redhat.com/2150953
• https://bugzilla.redhat.com/2151959
• https://bugzilla.redhat.com/2177759
• https://bugzilla.redhat.com/2179892
• https://bugzilla.redhat.com/2213132
• https://bugzilla.redhat.com/2218332
• https://bugzilla.redhat.com/2219359
• https://bugzilla.redhat.com/2221039
• https://bugzilla.redhat.com/2221463
• https://bugzilla.redhat.com/2221702
• https://bugzilla.redhat.com/2226777
• https://bugzilla.redhat.com/2226784
• https://bugzilla.redhat.com/2226787

💬 Discuss CVE-2023-6176 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.