CVE-2023-4387 — Use After Free in Kernel

CWE-416 — Use After Free10 documents9 sources

Severity

7.1HIGHNVD

OSV6.5

EPSS

0.0%

top 99.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux

Timeline

PublishedAug 16

Latest updateSep 19

Description

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDlinux/linux_kernel3.16.60 — 3.17+7

▶Debianlinux/linux_kernel< 5.10.120-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-245.279

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2023-09-19

▶

CVEList

Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()↗2023-08-16

▶

OSV

CVE-2023-4387: A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv↗2023-08-16

▶

GHSA

GHSA-5c32-vrpq-fgr5: A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv↗2023-08-16

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2023-09-19

▶

Microsoft

Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()↗2023-08-08

▶

Debian

CVE-2023-4387: linux - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet...↗2023

▶

Red Hat

kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()↗2022-05-14

▶

💬Community

Bugzilla

CVE-2023-4387 kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()↗2023-07-03

▶