Use-After-Free Vulnerability in Linux Kernel Affects NetApp Products
CVE-2023-51780

7HIGH

Key Information:

Vendor

Linux
Status
Linux Kernel
Vendor
CVE Published:
11 January 2024

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2023-51780?

A use-after-free vulnerability exists in the Linux kernel prior to version 6.6.8. The issue is associated with the do_vcc_ioctl function located in net/atm/ioctl.c, where a race condition during the vcc_recvmsg operation can lead to unintended memory access. This vulnerability may allow an attacker to exploit the race condition, potentially leading to various adverse effects on system stability and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

favicon imageUbuntu

USN-6651-3: Linux kernel (StarFive) vulnerabilities | Ubuntu security notices | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.

References

https://github.com/torvalds/linux/commit/24e90b9e34f9e039...
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8
https://lists.debian.org/debian-lts-announce/2024/01/msg0...
mailing-list

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by Ubuntu

  • Vulnerability published

  • Vulnerability Reserved

JSON
.