Use-After-Free Vulnerability in Linux Kernel Affects NetApp Products
CVE-2023-51780

7HIGH

Key Information:

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 11 January 2024

🔔 Create Linux Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2023-51780?

A use-after-free vulnerability exists in the Linux kernel prior to version 6.6.8. The issue is associated with the do_vcc_ioctl function located in net/atm/ioctl.c, where a race condition during the vcc_recvmsg operation can lead to unintended memory access. This vulnerability may allow an attacker to exploit the race condition, potentially leading to various adverse effects on system stability and security.

News Articles

CVE-2023-51780 CVE-2023-51781

USN-6651-3: Linux kernel (StarFive) vulnerabilities | Ubuntu security notices | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.

thmubnail image

References

https://github.com/torvalds/linux/commit/24e90b9e34f9e039...

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8

https://lists.debian.org/debian-lts-announce/2024/01/msg0...

CVSS V3.1

Score:

7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Ubuntu
May 22, 2025
Vulnerability published
Jan 11, 2024
Vulnerability Reserved
Dec 25, 2023

.