Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-33203

Опубликовано: 20 мар. 2023
Источник: redhat
CVSS3: 6.4
EPSS Низкий

Описание

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

A race condition vulnerability was found in the Linux kernel's Qualcomm EMAC Gigabit Ethernet Controller when the user physically removes the device before cleanup in the emac_remove function. This flaw can eventually result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.

Отчет

Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include support for the EMAC Gigabit Ethernet Controller.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:690114.11.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:707714.11.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:041225.01.2024
Red Hat Enterprise Linux 8.8 Extended Update SupportkernelFixedRHSA-2024:057530.01.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2192667kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()

EPSS

Процентиль: 1%
0.00013
Низкий

6.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-33203

CVSS3: 6.4
ubuntu
около 2 лет назад

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

nvd логотип

CVE-2023-33203

CVSS3: 6.4
nvd
около 2 лет назад

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

msrc логотип

CVE-2023-33203

CVSS3: 6.4
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-33203

CVSS3: 6.4
debian
около 2 лет назад

The Linux kernel before 6.2.9 has a race condition and resultant use-a ...

github логотип

GHSA-jh2m-9m55-5q8v

CVSS3: 6.4
github
около 2 лет назад

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

EPSS

Процентиль: 1%
0.00013
Низкий

6.4 Medium

CVSS3