CVE-2023-51780Use After Free in Kernel

CWE-416Use After Free41 documents9 sources
Severity
7.0HIGHNVD
OSV5.5OSV4.9
EPSS
0.0%
top 94.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxDebian Linux+6 more
Timeline
PublishedJan 11
Latest updateAug 14

Description

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages10 packages

NVDlinux/linux_kernel< 6.6.8+2
Debianlinux/linux_kernel< 5.10.205-2+3
Ubuntulinux/linux_kernel< 5.4.0-173.191+3
debiandebian/linux< linux 6.1.69-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

19
OSV
linux-azure, linux-azure-5.4 vulnerabilities2024-03-25
OSV
linux-aws, linux-aws-5.4 vulnerabilities2024-03-19
OSV
linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4 vulnerabilities2024-03-13
OSV
linux-bluefield, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities2024-03-11
OSV
linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-iot, linux-kvm, linux-raspi vulnerabilities2024-03-06

📋Vendor Advisories

20
CISA ICS
Siemens SINEC OS2025-08-14
Ubuntu
Linux kernel (Azure) vulnerabilities2024-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2024-03-19
Ubuntu
Linux kernel vulnerabilities2024-03-13
Ubuntu
Linux kernel vulnerabilities2024-03-11

💬Community

1
Bugzilla
CVE-2023-51780 kernel: use-after-free in net/atm/ioctl.c2024-01-10
CVE-2023-51780 — Use After Free in Linux Kernel | cvebase