CVE-2023-1990Use After Free in Kernel

CWE-416Use After Free33 documents8 sources
Severity
4.7MEDIUMNVD
OSV6.5OSV5.5
EPSS
0.0%
top 98.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.107.1-2 ON CBL Mariner 2.0+6 more
Timeline
PublishedApr 12
Latest updateFeb 15

Description

A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages12 packages

NVDlinux/linux_kernel< 6.3+1
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 5.4.0-156.173+3
CVEListV5linux/linux_kernelLinux Kernel prior to Kernel 6.3 RC3
debiandebian/linux< linux 6.1.25-1 (bookworm)

🔴Vulnerability Details

15
OSV
linux-azure-fde-5.15 vulnerabilities2023-09-06
OSV
linux-azure-5.4 vulnerabilities2023-09-04
OSV
linux-azure vulnerabilities2023-08-31
OSV
linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities2023-08-31
OSV
linux-bluefield, linux-ibm vulnerabilities2023-08-29

📋Vendor Advisories

17
CISA ICS
Siemens SCALANCE XCM-/XRM-3002024-02-15
Ubuntu
Linux kernel (Azure CVM) vulnerabilities2023-09-06
Ubuntu
Linux kernel (Azure) vulnerabilities2023-09-04
Ubuntu
Linux kernel (Azure) vulnerabilities2023-08-31
Ubuntu
Linux kernel (Azure) vulnerabilities2023-08-31
CVE-2023-1990 — Use After Free in Linux Kernel | cvebase