CVE-2023-3317 — Use After Free in Kernel

CWE-416 — Use After Free7 documents7 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 99.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.122.1-2 ON CBL Mariner 2.0 +5 more

Timeline

PublishedJun 23

Latest updateAug 11

Description

A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages9 packages

▶NVDlinux/linux_kernel6.2 — 6.2.15+1

▶CVEListV5linux/linux_kernelKErnel version prior to 6.3-rc6

▶msrcmsrc/cm1_kernel_5.10.188.1-1_on_cbl_mariner_1.0

▶msrcmsrc/cbl2_kernel_5.15.122.1-2_on_cbl_mariner_2.0

▶debiandebian/linux

🔴Vulnerability Details

OSV

CVE-2023-3317: A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init↗2023-06-23

▶

GHSA

GHSA-vcpw-jwjp-3c74: A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init↗2023-06-23

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2023-08-11

▶

Microsoft

▶

Red Hat

kernel: use-after-free in wifi mt7921 fw features query↗2023-03-22

▶

Debian

CVE-2023-3317: linux - A use-after-free flaw was found in mt7921_check_offload_capability in drivers/ne...↗2023

▶