CVE-2023-5178Use After Free in Kernel

CWE-416Use After FreeCWE-1341Multiple Releases of Same Resource or Handle25 documents9 sources
Severity
8.8HIGHNVD
EPSS
8.6%
top 7.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedNov 1
Latest updateFeb 14

Description

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlinux/linux_kernel5.05.4.260+4
Debianlinux/linux_kernel< 5.10.205-2+3

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: lore.kernel.orgPatch: lore.kernel.org

🔴Vulnerability Details

4
OSV
linux-oem-6.1 vulnerabilities2023-11-21
CVEList
Kernel: use after free in nvmet_tcp_free_crypto in nvme2023-11-01
GHSA
GHSA-xr9j-c7v6-7542: A use-after-free vulnerability was found in drivers/nvme/target/tcp2023-11-01
OSV
CVE-2023-5178: A use-after-free vulnerability was found in drivers/nvme/target/tcp2023-11-01

📋Vendor Advisories

19
Ubuntu
Linux kernel (GCP) vulnerabilities2024-02-14
Ubuntu
Linux kernel vulnerabilities2024-01-10
Ubuntu
Linux kernel (IoT) vulnerabilities2024-01-10
Ubuntu
Linux kernel (Azure) vulnerabilities2024-01-09
Ubuntu
Linux kernel (GKE) vulnerabilities2024-01-09

💬Community

1
Bugzilla
CVE-2023-5178 kernel: use after free in nvmet_tcp_free_crypto in NVMe2023-10-03
CVE-2023-5178 — Use After Free in Linux Kernel | cvebase