CVE-2023-3439 — Use After Free in Linux
Severity
4.7MEDIUMNVD
OSV7.8
EPSS
0.0%
top 99.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 28
Latest updateJul 26
Description
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages11 packages
Patches
🔴Vulnerability Details
4OSV▶
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5↗2023-07-25
📋Vendor Advisories
5Microsoft▶
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However a running routine may be unaware of t↗2023-06-13
Debian▶
CVE-2023-3439: linux - A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unr...↗2023