CVE-2023-4387
published 2023-08-16CVE-2023-4387: A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.17.11-1 (bookworm) | linux 5.17.11-1 (bookworm) |
| linux | linux_kernel | >= 0 < 5.10.120-1 | 5.10.120-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 4.4.0-245.279 | 4.4.0-245.279 |
| linux | linux_kernel | >= 3.16.60 < 3.17 | 3.17 |
| linux | linux_kernel | >= 4.10 < 4.14.281 | 4.14.281 |
| linux | linux_kernel | >= 4.15 < 4.19.245 | 4.19.245 |
| linux | linux_kernel | >= 4.20 < 5.4.196 | 5.4.196 |
| linux | linux_kernel | >= 4.4 < 4.9.316 | 4.9.316 |
| linux | linux_kernel | >= 5.11 < 5.15.42 | 5.15.42 |
| linux | linux_kernel | >= 5.16 < 5.17.10 | 5.17.10 |
| linux | linux_kernel | >= 5.5 < 5.10.118 | 5.10.118 |
| msrc | cbl2_kernel_5.15.126.1-1_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH