{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T06:25:01.843","vulnerabilities":[{"cve":{"id":"CVE-2023-52991","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-03-27T17:15:46.540","lastModified":"2025-10-01T21:15:42.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer in skb_segment_list\n\nCommit 3a1296a38d0c (\"net: Support GRO/GSO fraglist chaining.\")\nintroduced UDP listifyed GRO. The segmentation relies on frag_list being\nuntouched when passing through the network stack. This assumption can be\nbroken sometimes, where frag_list itself gets pulled into linear area,\nleaving frag_list being NULL. When this happens it can trigger\nfollowing NULL pointer dereference, and panic the kernel. Reverse the\ntest condition should fix it.\n\n[19185.577801][    C1] BUG: kernel NULL pointer dereference, address:\n...\n[19185.663775][    C1] RIP: 0010:skb_segment_list+0x1cc/0x390\n...\n[19185.834644][    C1] Call Trace:\n[19185.841730][    C1]  <TASK>\n[19185.848563][    C1]  __udp_gso_segment+0x33e/0x510\n[19185.857370][    C1]  inet_gso_segment+0x15b/0x3e0\n[19185.866059][    C1]  skb_mac_gso_segment+0x97/0x110\n[19185.874939][    C1]  __skb_gso_segment+0xb2/0x160\n[19185.883646][    C1]  udp_queue_rcv_skb+0xc3/0x1d0\n[19185.892319][    C1]  udp_unicast_rcv_skb+0x75/0x90\n[19185.900979][    C1]  ip_protocol_deliver_rcu+0xd2/0x200\n[19185.910003][    C1]  ip_local_deliver_finish+0x44/0x60\n[19185.918757][    C1]  __netif_receive_skb_one_core+0x8b/0xa0\n[19185.927834][    C1]  process_backlog+0x88/0x130\n[19185.935840][    C1]  __napi_poll+0x27/0x150\n[19185.943447][    C1]  net_rx_action+0x27e/0x5f0\n[19185.951331][    C1]  ? mlx5_cq_tasklet_cb+0x70/0x160 [mlx5_core]\n[19185.960848][    C1]  __do_softirq+0xbc/0x25d\n[19185.968607][    C1]  irq_exit_rcu+0x83/0xb0\n[19185.976247][    C1]  common_interrupt+0x43/0xa0\n[19185.984235][    C1]  asm_common_interrupt+0x22/0x40\n...\n[19186.094106][    C1]  </TASK>"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: corrección de puntero nulo en skb_segment_list. El commit 3a1296a38d0c (\"net: Compatibilidad con encadenamiento de fraglist GRO/GSO\") introdujo GRO con lista UDP. La segmentación depende de que frag_list permanezca intacto al pasar por la pila de red. Esta suposición puede fallar a veces, ya que frag_list se arrastra al área lineal, dejando frag_list como nulo. Cuando esto sucede, puede desencadenar la consiguiente desreferencia de puntero nulo y generar un pánico en el kernel. Revertir la condición de prueba debería solucionarlo. [19185.577801][ C1] ERROR: desreferencia de puntero NULL del núcleo, dirección: ... [19185.663775][ C1] RIP: 0010:skb_segment_list+0x1cc/0x390 ... [19185.834644][ C1] Rastreo de llamadas: [19185.841730][ C1]  [19185.848563][ C1] __udp_gso_segment+0x33e/0x510 [19185.857370][ C1] inet_gso_segment+0x15b/0x3e0 [19185.866059][ C1] skb_mac_gso_segment+0x97/0x110 [19185.874939][ C1] __skb_gso_segment+0xb2/0x160 [19185.883646][ C1] udp_queue_rcv_skb+0xc3/0x1d0 [19185.892319][ C1] udp_unicast_rcv_skb+0x75/0x90 [19185.900979][ C1] ip_protocol_deliver_rcu+0xd2/0x200 [19185.910003][ C1] ip_local_deliver_finish+0x44/0x60 [19185.918757][ C1] __netif_receive_skb_one_core+0x8b/0xa0 [19185.927834][ C1] registro_de_proceso+0x88/0x130 [19185.935840][ C1] __napi_poll+0x27/0x150 [19185.943447][ C1] acción_de_rx_net+0x27e/0x5f0 [19185.951331][ C1] ? mlx5_cq_tasklet_cb+0x70/0x160 [mlx5_core] [19185.960848][ C1] __do_softirq+0xbc/0x25d [19185.968607][ C1] irq_exit_rcu+0x83/0xb0 [19185.976247][ C1] common_interrupt+0x43/0xa0 [19185.984235][ C1] asm_common_interrupt+0x22/0x40 ... [19186.094106][ C1] "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.167","matchCriteriaId":"101645FF-CEF8-4860-A44D-A0DA5F0D4E5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.92","matchCriteriaId":"82E7FA6E-E503-40DE-995C-EB8E2C9CDAE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.10","matchCriteriaId":"482D2612-A4D4-4A68-AC23-52F6BE89878B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*","matchCriteriaId":"FF501633-2F44-4913-A8EE-B021929F49F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*","matchCriteriaId":"2BDA597B-CAC1-4DF0-86F0-42E142C654E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*","matchCriteriaId":"725C78C9-12CE-406F-ABE8-0813A01D66E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*","matchCriteriaId":"A127C155-689C-4F67-B146-44A57F4BFD85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*","matchCriteriaId":"D34127CC-68F5-4703-A5F6-5006F803E4AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*","matchCriteriaId":"4AB8D555-648E-4F2F-98BD-3E7F45BD12A8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/046de74f9af92ae9ffce75fa22a1795223f4fb54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6446369fb9f083ce032448c5047da08e298b22e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/876e8ca8366735a604bac86ff7e2732fc9d85d2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/888dad6f3e85e3b2f8389bd6478f181efc72534d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}