Lucene search

GoogleOSV:CVE-2023-6039

HistoryNov 09, 2023 - 3:15 p.m.

CVE-2023-6039

2023-11-0915:15:09

Google

osv.dev

use-after-free

lan78xx_disconnect

drivers/net/usb/lan78xx

network sub-component

linux kernel

local attacker

crash

lan78xx usb device

detaches

software

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

CPENameOperatorVersion
linuxeq2.6.20-rc5
linuxeq2.6.22
linuxeq4.5-rc7
linuxeq5.6-rc4
linuxeq4.17-rc2
linuxeq3.4-rc7
linuxeq5.5-rc3
linuxeq4.13-rc2
linuxeq2.6.14-rc3
linuxeq2.6.31-rc8

Name	Operator	Version
linux	eq	2.6.20-rc5
linux	eq	2.6.22
linux	eq	4.5-rc7
linux	eq	5.6-rc4
linux	eq	4.17-rc2
linux	eq	3.4-rc7
linux	eq	5.5-rc3
linux	eq	4.13-rc2
linux	eq	2.6.14-rc3
linux	eq	2.6.31-rc8