Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-35823

Опубликовано: 19 июн. 2023
Источник: redhat
CVSS3: 6.7

Описание

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

A race condition was found in the Linux kernel's saa7134 device driver. This occurs when removing the module before cleanup in the saa7134_finidev function which can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.

Отчет

Because this flaw only affects systems with specific hardware installed, and because exploitation requires an attacker to be able to manipulate the driver or the physical hardware with precise timing, Red Hat assesses the impact of this vulnerability as Moderate.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:690114.11.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:707714.11.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:041225.01.2024
Red Hat Enterprise Linux 8.8 Extended Update SupportkernelFixedRHSA-2024:057530.01.2024
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernelFixedRHSA-2024:041225.01.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2215835kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-35823

CVSS3: 7
ubuntu
около 2 лет назад

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

nvd логотип

CVE-2023-35823

CVSS3: 7
nvd
около 2 лет назад

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

msrc логотип

CVE-2023-35823

CVSS3: 7
msrc
почти 2 года назад

Описание отсутствует

debian логотип

CVE-2023-35823

CVSS3: 7
debian
около 2 лет назад

An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...

github логотип

GHSA-97pm-8r38-gfm3

CVSS3: 7
github
около 2 лет назад

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

6.7 Medium

CVSS3