CVE-2023-2162Use After Free in Kernel

CWE-416Use After Free44 documents8 sources
Severity
5.5MEDIUMNVD
OSV4.7
EPSS
0.0%
top 99.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.111.1-1 ON CBL Mariner 2.0+5 more
Timeline
PublishedApr 19
Latest updateSep 19

Description

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

NVDlinux/linux_kernel< 6.2+1
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 4.15.0-211.222+3
CVEListV5linux/linux_kernelLinux Kernel version prior to Kernel 6.2 RC6

Patches

Patch: www.spinics.netPatch: www.spinics.net

🔴Vulnerability Details

21
OSV
linux-oem-6.0 vulnerabilities2023-09-19
OSV
linux-iot vulnerabilities2023-07-27
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2023-07-26
OSV
linux-xilinx-zynqmp vulnerabilities2023-07-12
OSV
linux-intel-iotg vulnerabilities2023-06-01

📋Vendor Advisories

21
Ubuntu
Linux kernel (OEM) vulnerabilities2023-09-19
Ubuntu
Linux kernel (IoT) vulnerabilities2023-07-27
Ubuntu
Linux kernel vulnerabilities2023-07-26
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2023-07-12
Ubuntu
Linux kernel vulnerabilities2023-06-01

💬Community

1
Bugzilla
CVE-2023-2162 kernel: UAF during login when accessing the shost ipaddress2023-04-18
CVE-2023-2162 — Use After Free in Linux Kernel | cvebase