CVE-2023-6176

NameCVE-2023-6176
DescriptionA null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.244-1fixed
bookworm6.1.148-1fixed
bookworm (security)6.1.153-1fixed
trixie6.12.43-1fixed
trixie (security)6.12.48-1fixed
forky6.16.12-2fixed
sid6.17.7-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebuster(not affected)
linuxsourcebullseye5.10.197-1
linuxsourcebookworm6.1.55-1
linuxsource(unstable)6.5.6-1

Notes

[buster] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
Search for package or bug name: Reporting problems