CVE-2023-1652: Use After Free in Kernel

CWE-416: Use After Free (22 documents, 9 sources)
Severity: 7.1 HIGH (NVD); OSV 5.5; OSV 4.7
EPSS: 0.0% (top 96.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 29
Latest update: May 22

Description

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

NVD: linux/linux_kernel 5.14 5.15.91 (+2)
Debian: linux/linux_kernel < 6.1.11-1 (+2)
Ubuntu: linux/linux_kernel < 5.15.0-70.77
CVEListV5: linux/linux_kernel Kernel 6.2 RC5

Also affects: Enterprise Linux 9.0

Patches

🔴 Vulnerability Details (9)

OSV: linux-intel-iotg-5.15 vulnerabilities (2023-06-01)
OSV: linux-gcp, linux-hwe-5.19 vulnerabilities (2023-05-22)
OSV: linux, linux-aws, linux-azure, linux-azure-5.19, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities (2023-05-16)
OSV: linux-intel-iotg vulnerabilities (2023-05-05)
OSV: linux-hwe-5.15 vulnerabilities (2023-04-25)

📋 Vendor Advisories (10)

Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2023-06-01)
Ubuntu: Linux kernel vulnerabilities (2023-05-22)
Ubuntu: Linux kernel vulnerabilities (2023-05-18)
Ubuntu: Linux kernel vulnerabilities (2023-05-16)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2023-05-05)

💬 Community (2)

Bugzilla: CVE-2023-52706 kernel: gpio: sim: fix a memory leak (2024-05-22)
Bugzilla: CVE-2023-1652 Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (2023-03-27)
CVE-2023-1652 — Use After Free in Linux Kernel | cvebase