CVE-2023-3212: Null Pointer Dereference
First published: Mon Jun 12 2023(Updated: )
A flaw in the Linux Kernel found in the GFS2 file system. On corrupted gfs2 file systems the evict code can try to reference the journal descriptor structure, jdesc, after it has been freed and set to NULL. It can lead to null pointer dereference when gfs2_trans_begin being called and then fail ingfs2_evict_inode(). Reference: <a href="https://listman.redhat.com/archives/cluster-devel/2023-April/023914.html">https://listman.redhat.com/archives/cluster-devel/2023-April/023914.html</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.4 | 6.4 |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager | <=ISVG 10.0.2 | |
| Linux kernel | <6.4 | |
| Linux kernel | =6.4-rc1 | |
| Fedora | =38 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| Linux Kernel | <6.4 | |
| Linux Kernel | =6.4-rc1 | |
| Debian | =10.0 | |
| Debian | =11.0 | |
| Debian | =12.0 | |
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2214348
- https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636
- https://www.debian.org/security/2023/dsa-5448
- https://www.debian.org/security/2023/dsa-5480
- https://security.netapp.com/advisory/ntap-20230929-0005/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
- https://launchpad.net/bugs/cve/CVE-2023-3212
- https://listman.redhat.com/archives/cluster-devel/2023-April/023914.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2214349
- https://access.redhat.com/errata/RHSA-2023:6583
- https://access.redhat.com/errata/RHSA-2023:6901
- https://access.redhat.com/errata/RHSA-2023:7077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212
- https://nvd.nist.gov/vuln/detail/CVE-2023-3212
- https://security-tracker.debian.org/tracker/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-3212
- https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636
- https://www.ibm.com/support/pages/node/7172423 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-3212?
CVE-2023-3212 is classified as a high severity vulnerability that can lead to a system crash due to a null pointer dereference.
How do I fix CVE-2023-3212?
To fix CVE-2023-3212, upgrade to the latest kernel version as specified in vendor advisories.
Which systems are affected by CVE-2023-3212?
CVE-2023-3212 affects various Linux distributions, including Red Hat, Fedora, and Debian up to specific versions.
Is there a patch available for CVE-2023-3212?
Yes, patches for CVE-2023-3212 are included in the kernel updates provided by affected Linux distributions.
What are the consequences of exploiting CVE-2023-3212?
Exploitation of CVE-2023-3212 can lead to a null pointer dereference, potentially causing system instability or crashes.
- agent/type
- agent/first-publish-date
- agent/author
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3212
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/trending
- agent/source
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/event
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager
- version/ibm security verify governance, identity manager/isvg 10.0.2
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.4-rc1
- vendor/fedoraproject
- canonical/fedora
- version/fedora/38
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- vendor/debian
- canonical/debian
- version/debian/10.0
- version/debian/11.0
- version/debian/12.0
- vendor/netapp
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h410c
- canonical/netapp h410c firmware
- package-manager/debian