CVE-2023-0590: Use After Free in Kernel

CWE-416: Use After Free | 32 documents | 8 sources

Severity
4.7 MEDIUM (NVD)
OSV 5.5 | OSV 4.3

EPSS
0.0% (top 97.37%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Mar 23
Latest update: Feb 13

Description

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") has not been applied, the kernel could be affected.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (11 packages)

NVD: linux/linux_kernel < 6.1 (+1)
Debian: linux/linux_kernel < 5.10.158-1 (+3)
Ubuntu: linux/linux_kernel < 5.4.0-156.173 (+1)
CVEListV5: linux/linux_kernel, Linux kernel 6.1-rc2

Vulnerability Details (13)

OSV: linux-azure-5.4 vulnerabilities (2023-09-04)
OSV: linux-azure vulnerabilities (2023-08-31)
OSV: linux-bluefield, linux-ibm vulnerabilities (2023-08-29)
OSV: linux-gke, linux-ibm-5.4 vulnerabilities (2023-08-28)
OSV: linux-hwe-5.4, linux-xilinx-zynqmp vulnerabilities (2023-08-17)

Vendor Advisories (18)

CISA ICS: Siemens SCALANCE W700 (2025-02-13)
CISA ICS: Siemens SCALANCE XCM-/XRM-300 (2024-02-15)
Ubuntu: Linux kernel (Azure) vulnerabilities (2023-09-04)
Ubuntu: Linux kernel (Azure) vulnerabilities (2023-08-31)
Ubuntu: Linux kernel vulnerabilities (2023-08-29)
CVE-2023-0590 — Use After Free in Linux Kernel | cvebase