Linux Kernel Memory Management Flaw in Scatterlist Module
CVE-2023-40791

9.1CRITICAL

Key Information:

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 16 October 2023

What is CVE-2023-40791?

A memory management vulnerability in the 'extract_user_to_sg' function within the Linux kernel's 'lib/scatterlist.c' may lead to resources not being properly released under certain conditions. This issue manifests as a warning during attempts to access pinning pages, potentially impacting system stability and performance.

References

https://lkml.org/lkml/2023/8/3/323

https://lore.kernel.org/linux-crypto/20571.1690369076%40w...

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2023
Vulnerability Reserved
Aug 22, 2023

CVE-2023-40791 Data

JSON