CVE-2023-39198 Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()

🗓️ 09 Nov 2023 19:15:47Reported by redhatType

CVE-2023-39198 Kernel: qxl race condition in qxl_mode_dumb_create(

Reporter	Title	Published	Views	Family All 250
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus	13 May 202511:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management	27 Sep 202418:10	–	ibm
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2024-2391)	9 Jan 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-045)	9 Jan 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-047)	24 Jan 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-057)	9 Jan 202400:00	–	nessus
Tenable Nessus	Debian dla-3841 : linux-config-5.10 - security update	27 Jun 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1062)	16 Jan 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1086)	16 Jan 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1107)	26 Jan 202400:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.18.0-553.rt7.342.el8_10",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::nfv",
      "cpe:/a:redhat:enterprise_linux:8::realtime"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.18.0-553.el8_10",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::baseos",
      "cpe:/a:redhat:enterprise_linux:8::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:5.14.0-427.13.1.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/a:redhat:enterprise_linux:9::realtime",
      "cpe:/a:redhat:enterprise_linux:9::nfv",
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:5.14.0-427.13.1.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/a:redhat:enterprise_linux:9::realtime",
      "cpe:/a:redhat:enterprise_linux:9::nfv",
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kernel-rt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:2950
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2024:2394
access	www.access.redhat.com/security/cve/CVE-2023-39198
access	www.access.redhat.com/errata/RHSA-2024:3138

24 Mar 2026 11:28Current

8.5High risk

Vulners AI Score8.5

CVSS 3.17.5

EPSS0.0042

CWE-416

kernel linux qxl race condition use-after-free denial of service privilege escalation