From b987c39e1228b430b875f5c5c327edc98d95b13d Mon Sep 17 00:00:00 2001
From: yuxuanwangbuaa <yuxuanwang@buaa.edu.cn>
Date: Thu, 30 Mar 2023 11:09:51 +0800
Subject: [PATCH] ADD CVE-2023-28466

---
 .../2023/CVE-2023-28466/README.md             | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 cve/linux-kernel/2023/CVE-2023-28466/README.md

diff --git a/cve/linux-kernel/2023/CVE-2023-28466/README.md b/cve/linux-kernel/2023/CVE-2023-28466/README.md
new file mode 100644
index 00000000..9cf01b1e
--- /dev/null
+++ b/cve/linux-kernel/2023/CVE-2023-28466/README.md
@@ -0,0 +1,31 @@
+id: CVE-2023-28466
+
+source: Red Hat
+
+severity: 
+
+do_tls_getsockopt 缺少 lock_sock 调用，导致竞争条件，可能导致释放后使用或NULL 指针取消引用。
+
+description:
+
+do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
+
+scope-of-influence: Linux kernel <= 6.2.6
+
+reference:
+
+[kernel/git/torvalds/linux.git - Linux kernel source tree](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962)
+
+[CVE - CVE-2023-28466 (mitre.org)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28466)
+
+[NVD - CVE-2023-28466 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2023-28466)
+
+classification:
+    cvss-metrics:  CVSS:3.1
+    cvss-score: 7.0
+    cve-id: CVE-2023-28466
+    tags: Linux kernel
+
+solution：
+
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
\ No newline at end of file
-- 
Gitee