vulnerability

Red Hat: CVE-2023-1838: kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:L/Au:S/C:C/I:N/A:C)	2023-04-05	2024-01-26	2024-03-13

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:C)

Published

2023-04-05

Added

2024-01-26

Modified

2024-03-13

Description

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

Solution(s)

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

NVD-CVE-2023-1838
REDHAT-RHSA-2024:0412
REDHAT-RHSA-2024:0575
REDHAT-RHSA-2024:0881
REDHAT-RHSA-2024:0897

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today