{
  "threat_severity" : "Moderate",
  "public_date" : "2025-03-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net: fix NULL pointer in skb_segment_list",
    "id" : "2355500",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2355500"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: fix NULL pointer in skb_segment_list\nCommit 3a1296a38d0c (\"net: Support GRO/GSO fraglist chaining.\")\nintroduced UDP listifyed GRO. The segmentation relies on frag_list being\nuntouched when passing through the network stack. This assumption can be\nbroken sometimes, where frag_list itself gets pulled into linear area,\nleaving frag_list being NULL. When this happens it can trigger\nfollowing NULL pointer dereference, and panic the kernel. Reverse the\ntest condition should fix it.\n[19185.577801][    C1] BUG: kernel NULL pointer dereference, address:\n...\n[19185.663775][    C1] RIP: 0010:skb_segment_list+0x1cc/0x390\n...\n[19185.834644][    C1] Call Trace:\n[19185.841730][    C1]  <TASK>\n[19185.848563][    C1]  __udp_gso_segment+0x33e/0x510\n[19185.857370][    C1]  inet_gso_segment+0x15b/0x3e0\n[19185.866059][    C1]  skb_mac_gso_segment+0x97/0x110\n[19185.874939][    C1]  __skb_gso_segment+0xb2/0x160\n[19185.883646][    C1]  udp_queue_rcv_skb+0xc3/0x1d0\n[19185.892319][    C1]  udp_unicast_rcv_skb+0x75/0x90\n[19185.900979][    C1]  ip_protocol_deliver_rcu+0xd2/0x200\n[19185.910003][    C1]  ip_local_deliver_finish+0x44/0x60\n[19185.918757][    C1]  __netif_receive_skb_one_core+0x8b/0xa0\n[19185.927834][    C1]  process_backlog+0x88/0x130\n[19185.935840][    C1]  __napi_poll+0x27/0x150\n[19185.943447][    C1]  net_rx_action+0x27e/0x5f0\n[19185.951331][    C1]  ? mlx5_cq_tasklet_cb+0x70/0x160 [mlx5_core]\n[19185.960848][    C1]  __do_softirq+0xbc/0x25d\n[19185.968607][    C1]  irq_exit_rcu+0x83/0xb0\n[19185.976247][    C1]  common_interrupt+0x43/0xa0\n[19185.984235][    C1]  asm_common_interrupt+0x22/0x40\n...\n[19186.094106][    C1]  </TASK>", "A flaw was found in the Linux kernel's net subsystem. A NULL pointer dereference can be triggered when a specific sequence of network events occurs due to an improper check, resulting in a denial of service." ],
  "statement" : "This issue has been fixed in Red Hat Enterprise Linux 8.9 and 9.3 via RHSA-2023:7077 [1] and RHSA-2023:6583 [2], respectively.\n[1]. https://access.redhat.com/errata/RHSA-2023:7077\n[2]. https://access.redhat.com/errata/RHSA-2023:6583",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52991\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52991\nhttps://lore.kernel.org/linux-cve-announce/2025032709-CVE-2023-52991-6358@gregkh/T" ],
  "name" : "CVE-2023-52991",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}