CVE-2023-3439

CVSS V2 None CVSS V3 None

Description

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.

Overview

CVE ID
CVE-2023-3439

Assigner
fedora

Vulnerability Status
PUBLISHED

Published Version
2023-06-28T00:00:00

Last Modified Date
2023-07-02T00:00:00

Weakness Enumerations

CWE	URL
CWE-416	http://cwe.mitre.org/data/definitions/416.html

References

Reference URL	Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2217915
https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269
http://www.openwall.com/lists/oss-security/2023/07/02/1	mailing-list

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-3439
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3439

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 21:06:40				Added to TrackCVE