cvelist / Fedora / CVELIST:CVE-2023-3439
History: Jun 28, 2023 - 12:00 a.m.

CVE-2023-3439

2023-06-28 00:00:00
CWE-416
fedora
www.cve.org
cve-2023-3439
linux kernel
mctp protocol
use-after-free
denial of service

AI Score: 5.8
Confidence: High
EPSS: 0
Percentile: 5.1%

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device’s relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Linux Kernel (mctp)",
    "versions": [
      {
        "version": "Fixed in kernel 5.18-rc5",
        "status": "affected"
      }
    ]
  }
]
