CVE-2023-51042 — Use After Free in Kernel

CWE-416 — Use After Free8 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 91.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Google Chrome Chrome +2 more

Timeline

PublishedJan 23

Latest updateFeb 16

Description

In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶NVDlinux/linux_kernel< 6.4.12

▶Debianlinux/linux_kernel< 5.10.197-1+3

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.148.1-1_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_kernel_5.15.180.1-1_on_cbl_mariner_2.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2023-51042: In the Linux kernel before 6↗2024-01-23

▶

GHSA

GHSA-5v7q-gqff-9cj8: In the Linux kernel before 6↗2024-01-23

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2023-51042↗2024-02-16

▶

Red Hat

kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c↗2024-01-23

▶

Microsoft

In the Linux kernel before 6.4.12 amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.↗2024-01-09

▶

Debian

CVE-2023-51042: linux - In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/...↗2023

▶

💬Community

Bugzilla

CVE-2023-51042 kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c↗2024-01-23

▶