CVE-2023-1118Use After Free in Kernel

CWE-416Use After FreeCWE-820Missing Synchronization55 documents11 sources
Severity
7.8HIGHNVD
OSV6.7OSV5.9OSV5.5OSV4.7
EPSS
0.0%
top 95.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxPaloalto Pan-os+2 more
Timeline
PublishedMar 2
Latest updateDec 30

Description

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel2.6.364.14.308+6
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 4.15.0-211.222+3
CVEListV5linux/linux_kernelLinux kernel 6.3-rc1
debiandebian/linux< linux 6.1.20-1 (bookworm)

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

24
OSV
linux-iot vulnerabilities2023-07-27
OSV
linux-xilinx-zynqmp vulnerabilities2023-07-12
OSV
linux-intel-iotg vulnerabilities2023-06-01
OSV
linux-aws-5.4, linux-bluefield vulnerabilities2023-06-01
OSV
linux-intel-iotg-5.15 vulnerabilities2023-06-01

📋Vendor Advisories

28
Red Hat
kernel: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()2025-12-30
CISA ICS
Siemens SCALANCE W7002025-02-13
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel (IoT) vulnerabilities2023-07-27
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2023-07-12