CVE-2023-28466

HIGH Year: 2023
CVSS v3 Score
7.0
High
Weakness Type
CWE-476
View all →

Vulnerability Description

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

Related Vulnerabilities

CVE-2024-35919

HIGH
CVSS:7.0(High)

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer ...

CWE-4762024

CVE-2025-29547

HIGH
CVSS:7.0(High)

In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000.

CWE-4762025

CVE-2025-29838

HIGH
CVSS:7.0(High)

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

CWE-4762025

CVE-2011-1985

HIGH
CVSS:7.1(High)

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not prop...

CWE-4762011

CVE-2020-10600

HIGH
CVSS:7.1(High)

An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versio...

CWE-4762020

CVE-2020-11668

HIGH
CVSS:7.1(High)

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

CWE-4762020