exploitDog

CVE-2023-1838

Опубликовано: 05 апр. 2023

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

Ссылки

https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230517-0003/
Third Party Advisory
VDB Entry
https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230517-0003/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.13 (включая) до 4.14.317 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.245 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.196 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.118 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.42 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 5.17.10 (исключая)

Конфигурация 2

Одно из

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00011

Низкий

7.1 High

CVSS3

Дефекты

CWE-416

CWE-416

Связанные уязвимости

CVE-2023-1838

CVSS3: 7.1

ubuntu

около 2 лет назад

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

CVE-2023-1838

CVSS3: 7.1

redhat

около 3 лет назад

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

CVE-2023-1838

CVSS3: 7.1

msrc

около 2 лет назад

Описание отсутствует

CVE-2023-1838

CVSS3: 7.1

debian

около 2 лет назад

A use-after-free flaw was found in vhost_net_set_backend in drivers/vh ...

GHSA-rc9p-5gf8-h3m8

CVSS3: 7.1

github

около 2 лет назад

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

EPSS

Процентиль: 1%

0.00011

Низкий

7.1 High

CVSS3

Дефекты

CWE-416

CWE-416