vulnerability

Oracle Linux: CVE-2023-4133: ELSA-2024-2394: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Apr 15, 2023

Added

May 14, 2024

Modified

Aug 12, 2025

Description

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.

Solution

oracle-linux-upgrade-kernel

References

CVE-2023-4133
https://attackerkb.com/topics/CVE-2023-4133
ELSA-ELSA-2024-2394
ELSA-ELSA-2024-3138
CWE-416

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report