CVE-2023-4133 — Use After Free in Kernel

CWE-416 — Use After Free9 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux

Timeline

PublishedAug 3

Latest updateAug 8

Description

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlinux/linux_kernel< 6.3

▶Debianlinux/linux_kernel< 6.3.7-1+1

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

CVEList

Kernel: cxgb4: use-after-free in ch_flower_stats_cb()↗2023-08-03

▶

GHSA

GHSA-w3j7-w57f-mrwq: A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel↗2023-08-03

▶

OSV

CVE-2023-4133: A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel↗2023-08-03

▶

💥Exploits & PoCs

Nuclei

Mlflow <2.3.0 - Local File Inclusion

▶

📋Vendor Advisories

Microsoft

Kernel: cxgb4: use-after-free in ch_flower_stats_cb()↗2023-08-08

▶

Red Hat

kernel: cxgb4: use-after-free in ch_flower_stats_cb()↗2023-04-15

▶

Debian

CVE-2023-4133: linux - A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel...↗2023

▶

💬Community

Bugzilla

CVE-2023-4133 kernel: cxgb4: use-after-free in ch_flower_stats_cb()↗2023-07-10

▶