Use-After-Free Vulnerability in Linux Kernel Affects NetApp Products
CVE-2023-51780

7HIGH

Key Information:

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 11 January 2024

Summary

A use-after-free vulnerability exists in the Linux kernel prior to version 6.6.8. The issue is associated with the do_vcc_ioctl function located in net/atm/ioctl.c, where a race condition during the vcc_recvmsg operation can lead to unintended memory access. This vulnerability may allow an attacker to exploit the race condition, potentially leading to various adverse effects on system stability and security.

References

https://github.com/torvalds/linux/commit/24e90b9e34f9e039...

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8

https://lists.debian.org/debian-lts-announce/2024/01/msg0...

mailing-list

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2024
Vulnerability Reserved
Dec 25, 2023