CVE-2023-6176
Advisory lineage Upstream: 0 Downstream: 43
Modified
Published: 16 Nov 2023, 17:15
Last modified:06 Nov 2025, 20:01
Vulnerability Summary
Overall Risk (default)
low
19/100 CVSS Score
4.7 MEDIUM
v3.1 (cve.org)
EPSS Score
0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Nov 2023, 17:15
Published
Vulnerability first disclosed
06 Nov 2025, 20:01
Last Modified
Vulnerability information updated
Description
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.01%• Percentile: 1%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- linux•linux_kernel
na
- redhat•enterprise_linux
8.0 | 9.0
References (7)
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6176
- https://bugzilla.redhat.com/show_bug.cgi?id=2219359
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html