Описание
A race condition was found in the Linux kernel's r592 device driver, when removing the module before cleanup in the r592_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:6901 | 14.11.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:7077 | 14.11.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2024:0724 | 07.02.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:0575 | 30.01.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:6583 | 07.11.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:6583 | 07.11.2023 |
Показывать по
Дополнительная информация
Статус:
6.4 Medium
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate is a reservation duplicate of CVE-2023-3141. Notes: All CVE users should reference CVE-2023-3141 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.
Уязвимость функции r592_remove в драйвере устройства r592 ядра операционной системы Linux, позволяющая нарушителю привести к сбою системы или другому неопределенному поведению
ELSA-2023-6583: kernel security, bug fix, and enhancement update (IMPORTANT)
ELSA-2023-7077: kernel security, bug fix, and enhancement update (IMPORTANT)
6.4 Medium
CVSS3