CVE-2023-51781: Use After Free in Kernel

CWE-416: Use After Free | 49 documents | 10 sources
Severity
7.0 HIGH (NVD)
OSV 6.8 | OSV 6.4 | OSV 5.5 | OSV 4.9
EPSS
0.0%
top 96.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 11
Latest update: Aug 14

Description

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (9 packages)

NVD: linux/linux_kernel < 6.6.8 (+2)
Debian: linux/linux_kernel < 5.10.205-2 (+3)
Ubuntu: linux/linux_kernel < 5.4.0-172.190 (+10)
debian: debian/linux < linux 6.1.69-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (22)

OSV: Kernel Live Patch Security Notice (2024-06-10)
OSV: Kernel Live Patch Security Notice (2024-04-30)
OSV: linux-azure vulnerabilities (2024-04-09)
OSV: Kernel Live Patch Security Notice (2024-04-03)
OSV: linux-aws-hwe, linux-azure, linux-azure-4.15, linux-oracle vulnerabilities (2024-03-25)

📋 Vendor Advisories (25)

CISA ICS: Siemens SINEC OS (2025-08-14)
Ubuntu: Kernel Live Patch Security Notice (2024-06-10)
Ubuntu: Kernel Live Patch Security Notice (2024-04-30)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-04-09)
Ubuntu: Kernel Live Patch Security Notice (2024-04-03)

💬 Community (1)

Bugzilla: CVE-2023-51781 kernel: use-after-free in net/appletalk/ddp.c (2024-01-10)