{"api_version":"1","generated_at":"2026-04-22T18:42:18+00:00","cve":"CVE-2023-3212","urls":{"html":"https://cve.report/CVE-2023-3212","api":"https://cve.report/api/cve/CVE-2023-3212.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3212","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3212"},"summary":{"title":"CVE-2023-3212","description":"A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-06-23 20:15:00","updated_at":"2023-10-26 20:17:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636","name":"https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636","refsource":"MISC","tags":[],"title":"gfs2: Don't deref jdesc in evict · torvalds/linux@504a10d · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5480","name":"DSA-5480","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5480-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2214348","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2214348","refsource":"MISC","tags":[],"title":"2214348 – (CVE-2023-3212) CVE-2023-3212 kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230929-0005/","name":"https://security.netapp.com/advisory/ntap-20230929-0005/","refsource":"CONFIRM","tags":[],"title":"CVE-2023-3212 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5448","name":"DSA-5448","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5448-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","name":"[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3623-1] linux-5.10 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3212","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3212","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.4","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3212","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-3212","qid":"161066","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-6583)"},{"cve":"CVE-2023-3212","qid":"161147","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)"},{"cve":"CVE-2023-3212","qid":"199469","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6231-1)"},{"cve":"CVE-2023-3212","qid":"199757","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6339-4)"},{"cve":"CVE-2023-3212","qid":"199765","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6388-1)"},{"cve":"CVE-2023-3212","qid":"199783","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6396-1)"},{"cve":"CVE-2023-3212","qid":"199804","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6417-1)"},{"cve":"CVE-2023-3212","qid":"199810","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6412-1)"},{"cve":"CVE-2023-3212","qid":"199812","title":"Ubuntu Security Notification for Linux kernel (KVM) Vulnerabilities (USN-6396-2)"},{"cve":"CVE-2023-3212","qid":"199834","title":"Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6396-3)"},{"cve":"CVE-2023-3212","qid":"199883","title":"Ubuntu Security Notification for Linux kernel (NVIDIA) Vulnerabilities (USN-6466-1)"},{"cve":"CVE-2023-3212","qid":"242399","title":"Red Hat Update for kernel security (RHSA-2023:6583)"},{"cve":"CVE-2023-3212","qid":"242434","title":"Red Hat Update for kernel-rt security (RHSA-2023:6901)"},{"cve":"CVE-2023-3212","qid":"242451","title":"Red Hat Update for kernel security (RHSA-2023:7077)"},{"cve":"CVE-2023-3212","qid":"355864","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-051"},{"cve":"CVE-2023-3212","qid":"356403","title":"Amazon Linux Security Advisory for kernel : ALAS2-2023-2268"},{"cve":"CVE-2023-3212","qid":"356578","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-054"},{"cve":"CVE-2023-3212","qid":"378889","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0036)"},{"cve":"CVE-2023-3212","qid":"378892","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0114)"},{"cve":"CVE-2023-3212","qid":"379043","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)"},{"cve":"CVE-2023-3212","qid":"6000207","title":"Debian Security Update for linux (DSA 5448-1)"},{"cve":"CVE-2023-3212","qid":"6000212","title":"Debian Security Update for linux (DSA 5480-1)"},{"cve":"CVE-2023-3212","qid":"6000265","title":"Debian Security Update for linux-5.10 (DLA 3623-1)"},{"cve":"CVE-2023-3212","qid":"6000429","title":"Debian Security Update for linux (DLA 3710-1)"},{"cve":"CVE-2023-3212","qid":"673354","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2843)"},{"cve":"CVE-2023-3212","qid":"673496","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2860)"},{"cve":"CVE-2023-3212","qid":"907075","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27328-1)"},{"cve":"CVE-2023-3212","qid":"907167","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27308-1)"},{"cve":"CVE-2023-3212","qid":"941453","title":"AlmaLinux Security Update for kernel (ALSA-2023:7077)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-3212","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Linux kernel (gfs2 file system)","version":{"version_data":[{"version_value":"Fixed in kernel 6.4-rc2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-476"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2214348","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2214348"},{"refsource":"MISC","name":"https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636","url":"https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636"},{"refsource":"DEBIAN","name":"DSA-5448","url":"https://www.debian.org/security/2023/dsa-5448"},{"refsource":"DEBIAN","name":"DSA-5480","url":"https://www.debian.org/security/2023/dsa-5480"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230929-0005/","url":"https://security.netapp.com/advisory/ntap-20230929-0005/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}]},"description":{"description_data":[{"lang":"eng","value":"A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic."}]}},"nvd":{"publishedDate":"2023-06-23 20:15:00","lastModifiedDate":"2023-10-26 20:17:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}