CVE-2023-6622: 
Linux Kernel vulnerability analysis and mitigation

A null pointer dereference vulnerability (CVE-2023-6622) was discovered in the nft_dynset_init() function in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. The vulnerability was reported on December 8, 2023, and affects Linux kernel versions up to and including 6.6, as well as version 6.7 release candidates (rc1-rc4) (NVD).

The vulnerability occurs when dynset expressions provided by userspace is larger than the declared set expressions. In nft_dynset_init(), dynset_expr->ops is checked against set->exprs[i]->ops, but set->exprs[i] may be NULL. If set->num_exprs equals 1 (meaning set->exprs[1] is NULL) and i equals 1, the check will be passed and set->exprs[1] will be accessed, causing a kernel crash (GitHub Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

This vulnerability allows a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service condition in the system by causing a kernel crash (NVD).

The vulnerability has been fixed in various Linux distributions through security updates. Red Hat has addressed this in RHEL 8 and 9 through security advisories RHSA-2024:2394, RHSA-2024:2950, and RHSA-2024:3138. Fedora has also released fixes in kernel versions 6.6.7-100.fc38 and 6.6.7-200.fc39 (Red Hat Advisory, Fedora Update).