Lucene search
HistoryJan 04, 2024 - 5:15 p.m.
CVE-2023-6270
linux
kernel
flaw
security
vulnerability
denial of service
code execution
nvd
cve-2023-6270
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.0%
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution.
Affected configurations
Node
linuxlinux_kernelMatch-
Node
fedoraprojectfedoraMatch39
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | eq | - |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
}
]Related
debiancve
debiancve
CVE-2023-6270
2024-01-04 17:15:08
CVE-2024-26898
2024-04-17 11:15:10
redhatcve
redhatcve
CVE-2023-6270
2024-01-04 15:23:15
CVE-2024-26898
2024-04-17 17:53:45
cvelist
cvelist
nvd
nvd
CVE-2023-6270
2024-01-04 17:15:08
CVE-2024-26898
2024-04-17 11:15:10
ubuntucve
ubuntucve
CVE-2023-6270
2024-01-04 00:00:00
CVE-2024-26898
2024-04-17 00:00:00
prion
prion
Design/Logic Flaw
2024-01-04 17:15:00
cnvd
cnvd
Linux kernel code execution vulnerability (CNVD-2024-14767)
2024-01-05 00:00:00
vulnrichment
vulnrichment
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2024-1923)
2024-03-05 00:00:00
Amazon Linux 2 : kernel (ALAS-2024-2475)
2024-03-05 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-062)
2024-04-01 00:00:00
cve
cve
CVE-2024-26898
2024-04-17 11:15:10
amazon
amazon
Important: kernel
2024-02-28 23:54:00
Important: kernel
2024-02-29 10:03:00
ubuntu
ubuntu
Kernel Live Patch Security Notice
2024-06-10 00:00:00
Linux kernel (Azure) vulnerabilities
2024-06-14 00:00:00
Linux kernel vulnerabilities
2024-06-10 00:00:00
mageia
mageia
Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix security vulnerabilities
2024-04-23 04:20:56
Updated kernel-linus packages fix security vulnerabilities
2024-04-23 04:20:56
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0141)
2024-04-23 00:00:00
Mageia: Security Advisory (MGASA-2024-0142)
2024-04-23 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1642-1)
2024-05-24 00:00:00
osv
osv
linux-gkeop, linux-gkeop-5.15, linux-kvm vulnerabilities
2024-06-10 17:13:01
linux-aws, linux-aws-5.15 vulnerabilities
2024-06-11 20:53:02
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2024-06-05 19:11:11
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.0%
Related for CVE-2023-6270