CVE-2023-3338: 
Linux Kernel vulnerability analysis and mitigation

A null pointer dereference vulnerability (CVE-2023-3338) was discovered in the Linux kernel's DECnet networking protocol. The vulnerability was discovered by Davide Ornaghi and disclosed on June 30, 2023. The flaw affects Linux kernels with DECnet support from Linux-4.12-rc7 up to Linux-6.0.19, before being removed in the 6.1 kernel series. The vulnerability received a CVSS v3.1 score of 6.5 (Medium) (NVD, Red Hat).

The vulnerability occurs in the dn_nsp_send function (net/decnet/dn_nsp_out.c) due to improper handling of reference counting in the DECnet protocol implementation. When starting a connection with a DECnet socket, the connect() handler __dn_connect initializes the dst reference counter to 0 instead of 1 while building a route. The dst_alloc function fails to properly increase the reference count, leading to a null pointer dereference. This occurs because dst_hold_and_use calls atomic_inc_not_zero on dst->__refcnt, which only works if the refcount is not 0 (OSS Security).

When exploited, this vulnerability could allow a remote user to crash the system through a denial of service attack. The flaw could potentially lead to privilege escalation under certain conditions. On systems without SMAP and with configurable vm.mmap_min_addr, the vulnerability could potentially be exploited for arbitrary code execution (OSS Security, Debian Security).

The DECnet subsystem has been officially removed from all longterm and stable kernel series, starting from versions 4.14.319, 4.19.287, 5.4.248, 5.10.185, and 5.15.118. For systems that cannot be immediately updated, there are no direct workarounds available. The recommended action is to upgrade to a kernel version that has removed the DECnet protocol implementation (NetApp Security, OSS Security).