CVE-2023-3141

CWE-416 — Use After Free22 documents8 sources

Severity

7.1HIGH

EPSS

0.0%

top 99.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Debian Linux Netapp HCI Baseboard Management Controller

Timeline

PublishedJun 9

Latest updateSep 19

Description

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel2.6.39 — 4.14.316+6

▶CVEListV5kernelKenrel version prior to Kernel 6.4-rc1

▶Debianlinux< 5.10.191-1+3

▶NVDnetapp/hci_baseboard_management_controller5 versions+4

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

CVE-2023-3141: A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592↗2023-06-09

▶

CVEList

CVE-2023-3141: A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592↗2023-06-09

▶

GHSA

GHSA-w67p-q3fw-r56g: A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592↗2023-06-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-09-19

▶

Ubuntu

Linux kernel (Azure CVM) vulnerabilities↗2023-09-06

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2023-09-04

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2023-08-31

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2023-08-31

▶