← Back

CVE-2023-1476

nvd nist
Published: Nov 3, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.

Affected (6)

Linux
1 product
Linux Kernel
Redhat
5 products
Enterprise Linux
Enterprise Linux Eus
Enterprise Linux For Power Little Endian
Enterprise Linux For Power Little Endian Eus
Enterprise Linux Server Tus
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Kernel
Before 5.14
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Enterprise Linux Eus
Version 8.8
Enterprise Linux For Power Little Endian
Version 8.0_ppc64le
Enterprise Linux For Power Little Endian Eus
Version 8.8_ppc64le
Enterprise Linux Server Tus
Version 8.8

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (8)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch

Timeline

No history available yet.