Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-32269

Опубликовано: 26 янв. 2023
Источник: redhat
CVSS3: 6.7

Описание

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

A use-after-free flaw was found in nr_listen in net/netrom/af_netrom.c in the Linux Kernel. The system must have netrom routing configured or an attacker must have the CAP_NET_ADMIN capability for this issue to be exploited.

Отчет

No shipped kernel version was seen affected with this problem. These files are not built in our source code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2210940kernel: user after free in nr_listen in net/netrom/af_netrom.c

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-32269

CVSS3: 6.7
ubuntu
почти 3 года назад

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

nvd логотип

CVE-2023-32269

CVSS3: 6.7
nvd
почти 3 года назад

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

msrc логотип

CVE-2023-32269

CVSS3: 6.7
msrc
больше 2 лет назад

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However in order for an attacker to exploit this the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

debian логотип

CVE-2023-32269

CVSS3: 6.7
debian
почти 3 года назад

An issue was discovered in the Linux kernel before 6.1.11. In net/netr ...

github логотип

GHSA-jmv4-pg4w-272q

CVSS3: 6.7
github
почти 3 года назад

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

6.7 Medium

CVSS3