CVE-2023-6039

Published: 26 Jul 2023
Source: redhat
CVSS3: 5.5

Description

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

Statement

The affected code was not introduced into any kernel versions shipped with Red Hat Enterprise Linux, making this vulnerability not applicable to these platforms.

Mitigation

The mitigation for this issue is to avoid loading the affected module "lan78xx" until a fix is available. This can be done with a blacklist mechanism, which ensures the driver is not loaded at boot time.

How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278
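
A way to audit the blacklist mitigation described above on a host, as an added example that is not Red Hat's or this page's own code. The function names, the status words and the check for an `install lan78xx /bin/false` line are assumptions of this example; in modprobe.d, `blacklist` alone only stops automatic loading by device alias, so an explicit `modprobe lan78xx` still works without the `install` override.

```shell
#!/bin/sh
# Added example: reports whether the "lan78xx" blacklist mitigation is in place.
MODULE="lan78xx"

# conf_matches <regex> <dir>...: succeed if any *.conf file in the given
# modprobe.d directories has a non-comment line matching the regex.
conf_matches() {
    regex=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            if grep -Eq "$regex" "$conf"; then return 0; fi
        done
    done
    return 1
}

# is_loaded <modules_file>: succeed if the module is listed as loaded
# (the file has the /proc/modules layout: name first, then other fields).
is_loaded() {
    grep -Eq "^${MODULE}[[:space:]]" "$1" 2>/dev/null
}

# mitigation_status <modules_file> <dir>...
# Prints one word:
#   loaded      - driver is in the running kernel right now
#   mitigated   - "install lan78xx /bin/false|true" blocks every load path
#   partial     - "blacklist lan78xx" only: no autoload, manual modprobe works
#   unmitigated - no directive found
mitigation_status() {
    modules_file=$1; shift
    ws='[[:space:]]'
    if is_loaded "$modules_file"; then
        echo loaded
    elif conf_matches "^$ws*install$ws+$MODULE$ws+/(usr/)?bin/(false|true)($ws|\$)" "$@"; then
        echo mitigated
    elif conf_matches "^$ws*blacklist$ws+$MODULE($ws|\$)" "$@"; then
        echo partial
    else
        echo unmitigated
    fi
}

# Standard modprobe.d search locations; adjust for the distribution in use.
mitigation_status /proc/modules /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
```

A `loaded` result means the configuration change has not taken effect for the running kernel yet, whatever the files say.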

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2248755 (kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect)

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 2 years ago

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

CVSS3: 5.5
nvd
about 2 years ago

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

CVSS3: 5.5
debian
about 2 years ago

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/u ...

CVSS3: 5.5
github
about 2 years ago

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

CVSS3: 5.5
fstec
more than 2 years ago

Vulnerability in the lan78xx_disconnect function (drivers/net/usb/lan78xx.c) of the Linux operating system kernel that allows an attacker to cause a denial of service
