CVE-2023-3159

Опубликовано: 09 апр. 2022

Источник: redhat

CVSS3: 6.7

Описание

A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.

A use-after-free flaw was found in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a use-after-free issue when the queue_event() fails.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Affected
Red Hat Enterprise Linux 8	kernel-rt	Affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2213414kernel: use after free issue in driver/firewire in outbound_phy_packet_callback

6.7 Medium

CVSS3

Связанные уязвимости

CVE-2023-3159

CVSS3: 6.7

ubuntu

около 2 лет назад

CVE-2023-3159

CVSS3: 6.7

nvd

около 2 лет назад

CVE-2023-3159

CVSS3: 6.7

msrc

почти 2 года назад

Описание отсутствует

CVE-2023-3159

CVSS3: 6.7

debian

около 2 лет назад

A use after free issue was discovered in driver/firewire in outbound_p ...

GHSA-rfm6-5mxx-g3r7

CVSS3: 6.7

github

около 2 лет назад

6.7 Medium

CVSS3