CVE-2023-1855: Use After Free in Kernel

CWE-416 Use After Free | 31 documents | 10 sources
Severity
6.3 MEDIUM (NVD)
OSV 6.5 | OSV 5.5
EPSS
0.0%
top 97.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 5
Latest update: Aug 19

Description

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.0 | Impact: 5.2

Affected Packages (13 packages)

NVD | linux/linux_kernel | 4.9 4.14.311 | +8
Debian | linux/linux_kernel | < 5.10.178-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-156.173 | +1
CVEListV5 | linux/linux_kernel | Linux kernel prior to Kernel 6.3 RC3

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (13)

OSV | linux-azure-fde-5.15 vulnerabilities | 2023-09-06
OSV | linux-azure-5.4 vulnerabilities | 2023-09-04
OSV | linux-azure vulnerabilities | 2023-08-31
OSV | linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities | 2023-08-31
OSV | linux-bluefield, linux-ibm vulnerabilities | 2023-08-29

📋 Vendor Advisories (15)

CISA ICS | Siemens SCALANCE XCM-/XRM-300 | 2024-02-15
Ubuntu | Linux kernel (Azure CVM) vulnerabilities | 2023-09-06
Ubuntu | Linux kernel (Azure) vulnerabilities | 2023-09-04
Ubuntu | Linux kernel (Azure) vulnerabilities | 2023-08-31
Ubuntu | Linux kernel (Azure) vulnerabilities | 2023-08-31

📄 Research Papers (1)

arXiv | Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects | 2024-08-19

💬 Community (1)

Bugzilla | CVE-2023-1855 kernel: use-after-free bug in remove function xgene_hwmon_remove | 2023-04-05
CVE-2023-1855 — Use After Free in Linux Kernel | cvebase