CVE-2023-54262Use After Free in Linux

CWE-416Use After Free7 documents6 sources
Severity
5.8MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5e_clone_flow_attr_for_post_act(). Creating another copy in mlx5e_tc_post_act_add() is a erroneous leftover from original implementation. Instead, assign handle->attribute to post_attr provided by the caller. Note that cloning the attribute second time is not just wasteful but also causes issues like second copy

Affected Packages4 packages

Linuxlinux/linux_kernel5.18.06.1.28+2
Debianlinux/linux_kernel< 6.1.37-1+2
CVEListV5linux/linux8300f225268be9ee2c0daf5a3f23929fcdcbf213c382b693ffcb1f1ebf60d76ab9dedfe9ea13eedf+4
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54262: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already cl2025-12-30
OSV
net/mlx5e: Don't clone flow post action attributes second time2025-12-30
GHSA
GHSA-jg98-775f-9rrv: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: net/mlx5e: Don't clone flow post action attributes second time2025-12-30
Debian
CVE-2023-54262: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54262 Impact, Exploitability, and Mitigation Steps | Wiz