CVE-2023-30772Use After Free in Kernel

CWE-416Use After FreeCWE-366Race Condition within a Thread27 documents8 sources
Severity
6.4MEDIUMNVD
OSV6.5OSV5.5
EPSS
0.1%
top 81.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.111.1-1 ON CBL Mariner 2.0+6 more
Timeline
PublishedApr 16
Latest updateMay 28

Description

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages11 packages

NVDlinux/linux_kernel< 6.2.9
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 5.4.0-156.173+1
debiandebian/linux< linux 6.1.25-1 (bookworm)

Patches

Patch: cdn.kernel.orgPatch: git.kernel.orgPatch: cdn.kernel.org

🔴Vulnerability Details

12
OSV
linux-azure-fde-5.15 vulnerabilities2023-09-06
OSV
linux-azure-5.4 vulnerabilities2023-09-04
OSV
linux-azure vulnerabilities2023-08-31
OSV
linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities2023-08-31
OSV
linux-bluefield, linux-ibm vulnerabilities2023-08-29

📋Vendor Advisories

13
Ubuntu
Linux kernel (Azure CVM) vulnerabilities2023-09-06
Ubuntu
Linux kernel (Azure) vulnerabilities2023-09-04
Ubuntu
Linux kernel (Azure) vulnerabilities2023-08-31
Ubuntu
Linux kernel (Azure) vulnerabilities2023-08-31
Ubuntu
Linux kernel vulnerabilities2023-08-29

📄Research Papers

1
arXiv
VulBinLLM: LLM-powered Vulnerability Detection for Stripped Binaries2025-05-28
CVE-2023-30772 — Use After Free in Linux Kernel | cvebase