CVE-2023-0394: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability (CVE-2023-0394) was discovered in the rawv6pushpending_frames function within net/ipv6/raw.c of the Linux kernel's network subcomponent. The vulnerability was identified by Kyle Zeng and disclosed on January 26, 2023. This flaw affects Linux kernel versions up to (excluding) 6.2 (NVD).

The vulnerability stems from incorrect handling of extension header length calculations in the IPv6 implementation. The total cork length created by ip6appenddata includes extension headers, but these headers need to be excluded when comparing against the IPV6_CHECKSUM offset, which does not include extension headers. This oversight leads to a NULL pointer dereference condition (Kernel Commit). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability causes the system to crash, resulting in a denial of service condition. The flaw requires local access to the system and can be triggered by a local user with appropriate privileges (NetApp Advisory).

The vulnerability has been fixed in Linux kernel version 6.2-rc4 through a patch that correctly handles the extension header length calculations. Multiple Linux distributions have released security updates to address this vulnerability, including Ubuntu and Debian. For Ubuntu systems, fixes are available in versions 5.19.0-42.43 for 22.10, 5.15.0-70.77 for 22.04 LTS, and 5.4.0-144.161 for 20.04 LTS (Ubuntu Security). Debian has also released fixes in version 5.10.162-1~deb10u1 for Debian 10 (Debian Advisory).