#VU120483 NULL pointer dereference in Linux kernel - CVE-2023-53987
Published: December 26, 2025 / Updated: December 31, 2025
Vulnerability identifier: #VU120483
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-53987
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ping_get_idx() and ping_seq_next() functions in net/ipv4/ping.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/176cbb6da28f36506cc60a4bec4ab8df0c16713a
- https://git.kernel.org/stable/c/5a08a32e624908890aa0a2eb442bb6a7669891a8
- https://git.kernel.org/stable/c/ab5fb73ffa01072b4d8031cc05801fa1cb653bee
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3