Fluid Attacks Database

Description

A NULL pointer dereference flaw was found in the Linux kernel's RxRPC/AFS networking stack. When making an AFS call, the call timer can expire before a connection is assigned if the call gets stalled waiting for a connection. This causes a NULL pointer dereference in rxrpc_alloc_txbuf() when attempting to send an ACK.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel9	kernel	<0:5.14.0-362.8.1.el9_3	0:5.14.0-362.8.1.el9_3
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-541952. NVD-2023-541953. OSV-2023-54195

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.