CVE-2023-33203 — Race Condition in Kernel

CWE-362 — Race Condition CWE-459 — Incomplete Cleanup30 documents11 sources

Severity

6.4MEDIUMNVD

OSV6.5OSV5.5

EPSS

0.0%

top 95.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Paloalto Pan-os

Timeline

PublishedMay 18

Latest updateFeb 15

Description

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel< 6.2.9

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-156.173+1

▶Palo Altopaloalto/pan-os

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-azure-fde-5.15 vulnerabilities↗2023-09-06

▶

OSV

linux-azure-5.4 vulnerabilities↗2023-09-04

▶

OSV

linux-azure vulnerabilities↗2023-08-31

▶

OSV

linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities↗2023-08-31

▶

OSV

linux-bluefield, linux-ibm vulnerabilities↗2023-08-29

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Linux kernel (Azure CVM) vulnerabilities↗2023-09-06

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2023-09-04

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2023-08-31

▶

💬Community

Bugzilla

CVE-2023-33203 kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()↗2023-05-02

▶