Kernel: use after free in nvmet_tcp_free_crypto in nvme
CVE-2023-5178

8.8HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions
Vendor
CVE Published:
1 November 2023

Summary

A use-after-free vulnerability in the NVMe/TCP subsystem of the Linux kernel has been identified, specifically within the nvmet_tcp_free_crypto function. This vulnerability arises from a logical flaw, allowing an attacker to exploit the use-after-free and double-free conditions. Such an exploit may enable remote code execution or facilitate local privilege escalation, posing significant security risks to systems relying on this kernel functionality.

Affected Version(s)

Red Hat Enterprise Linux 8 0:4.18.0-513.9.1.rt7.311.el8_9

Red Hat Enterprise Linux 8 0:4.18.0-513.9.1.el8_9

References

https://access.redhat.com/errata/RHSA-2023:7370
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7379
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7418
vendor-advisoryx_refsource_REDHAT

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.