Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-4387

Опубликовано: 14 мая 2022
Источник: redhat
CVSS3: 7.1
EPSS Низкий

Описание

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

Меры по смягчению последствий

Mitigation for this issue is to skip loading the affected module "vmxnet3" onto the system until the fix is available, this can be done by a blacklist mechanism which will ensure the driver is not loaded at the boot time.

How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Enterprise Linux 8kernelFixedRHSA-2022:768308.11.2022
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2219270kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()

EPSS

Процентиль: 1%
0.00009
Низкий

7.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-4387

CVSS3: 7.1
ubuntu
почти 2 года назад

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

nvd логотип

CVE-2023-4387

CVSS3: 7.1
nvd
почти 2 года назад

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

debian логотип

CVE-2023-4387

CVSS3: 7.1
debian
почти 2 года назад

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/ ...

github логотип

GHSA-5c32-vrpq-fgr5

CVSS3: 6.6
github
почти 2 года назад

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

fstec логотип

BDU:2023-04900

CVSS3: 7.1
fstec
около 3 лет назад

Уязвимость функции vmxnet3_rq_alloc_rx_buf() в модуле drivers/net/vmxnet3/vmxnet3_drv.c драйвера vmxnet3 ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании

EPSS

Процентиль: 1%
0.00009
Низкий

7.1 High

CVSS3