Linux Kernel IP Framework net/xfrm/xfrm_user.c xfrm_update_ae_params denial of service

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Linux Kernel. The impacted element is the function xfrm_update_ae_params of the file net/xfrm/xfrm_user.c of the component IP Framework. Performing a manipulation results in denial of service.
This vulnerability is reported as CVE-2023-3772. The attack requires a local approach. No exploit exists.
It is recommended to apply a patch to fix this issue.
Details
A vulnerability, which was classified as problematic, was found in Linux Kernel (Operating System) (the affected version is unknown). This affects the function xfrm_update_ae_params of the file net/xfrm/xfrm_user.c of the component IP Framework. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.
The weakness was disclosed 07/26/2023. It is possible to read the advisory at access.redhat.com. This vulnerability is uniquely identified as CVE-2023-3772 since 07/19/2023. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 281316 (Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993218)), which helps to determine the existence of the flaw in a target environment.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at lore.kernel.org.
The vulnerability is also documented in the databases at Tenable (281316), EUVD (EUVD-2023-44405) and CERT Bund (WID-SEC-2023-1882). Be aware that VulDB is the high quality source for vulnerability data.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- Open Source Linux Kernel
- IBM Spectrum Protect
- Oracle VM
- Dell NetWorker
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.4
NVD Vector: 🔍
CNA Base Score: 5.5
CNA Vector (Red Hat, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 281316
Nessus Name: Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993218)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: lore.kernel.org
Timeline
07/19/2023 🔍07/26/2023 🔍
07/26/2023 🔍
01/01/2026 🔍
Sources
Vendor: kernel.orgAdvisory: access.redhat.com
Status: Confirmed
CVE: CVE-2023-3772 (🔍)
GCVE (CVE): GCVE-0-2023-3772
GCVE (VulDB): GCVE-100-235407
EUVD: 🔍
CERT Bund: WID-SEC-2023-1882 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 07/26/2023 09:41Updated: 01/01/2026 23:20
Changes: 07/26/2023 09:41 (52), 09/13/2024 21:42 (26), 07/24/2025 01:02 (1), 11/12/2025 08:53 (7), 01/01/2026 23:20 (2)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.