CVE-2023-3863Use After Free in Kernel

CWE-416Use After Free38 documents10 sources
Severity
4.1MEDIUMNVD
CNA6.4OSV9.8OSV7.1OSV7.0OSV6.5OSV5.7OSV4.7
EPSS
0.0%
top 99.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelDebian Linux
Timeline
PublishedJul 24
Latest updateFeb 15

Description

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages3 packages

Debianlinux/linux_kernel< 5.10.191-1+3
Ubuntulinux/linux_kernel< 5.4.0-164.181+3

Also affects: Debian Linux 10.0, 11.0, 12.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

18
OSV
linux-starfive-6.2 vulnerabilities2023-11-28
OSV
linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-2023-10-31
OSV
linux-nvidia-6.2 vulnerabilities2023-10-31
OSV
linux-intel-iotg-5.15 vulnerabilities2023-10-24
OSV
linux-raspi vulnerabilities2023-10-19

📋Vendor Advisories

18
CISA ICS
Siemens SCALANCE XCM-/XRM-3002024-02-15
Ubuntu
Linux kernel (StarFive) vulnerabilities2023-11-28
Ubuntu
Linux kernel vulnerabilities2023-10-31
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2023-10-31
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2023-10-19

💬Community

1
Bugzilla
CVE-2023-3863 kernel: use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c2023-07-24