CVE-2023-47233: Use After Free in Linux

CWE-416 Use After Free | 45 documents | 9 sources

Severity
5.5 MEDIUM (NVD)
NVD 4.3 | OSV 6.5 | OSV 4.3
EPSS
0.0% (top 94.66%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 3
Latest update: Jul 4

Description

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.7 | Impact: 3.6

Affected Packages (6 packages)

Source | Package | Affected versions | More
NVD | linux/linux_kernel | 3.7 to 4.19.312 | +8 more
Debian | linux/linux_kernel | < 5.10.216-1 | +3 more
Ubuntu | linux/linux_kernel | < 5.4.0-182.202 | +4 more
CVEListV5 | linux/linux | e756af5b30b008f6ffcfebf8ad0b477f6f225b62, 202c503935042272e2f9e1bb549d5f69a8681169 | +9 more
debian | debian/linux | < linux 6.1.85-1 (bookworm) |

Also affects: Debian Linux 10.0

Patches

Vulnerability Details (21)

OSV: linux-oracle vulnerabilities (2024-07-04)
OSV: linux-azure, linux-gke vulnerabilities (2024-06-14)
OSV: linux-oem-6.8 vulnerabilities (2024-06-11)
OSV: linux-intel-iotg-5.15 vulnerabilities (2024-06-11)
OSV: linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities (2024-06-07)

Vendor Advisories (21)

Ubuntu: Linux kernel (Oracle) vulnerabilities (2024-07-04)
Ubuntu: Linux kernel vulnerabilities (2024-06-14)
Ubuntu: Linux kernel (OEM) vulnerabilities (2024-06-11)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2024-06-11)
Ubuntu: Linux kernel vulnerabilities (2024-06-07)

Community (1)

Bugzilla: CVE-2023-47233 kernel: Use after free in brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c (2023-11-07)