History: Apr 04, 2023 - 4:43 p.m.

CVE-2023-1838

redhat.com
access.redhat.com

EPSS: 0.0004 (Low), percentile 5.2%

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem.

Mitigation

This flaw can be mitigated by preventing the affected host kernel accelerator (vhost-net) kernel module from loading at boot time. Ensure the module is added to the blacklist file.

Refer: How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278
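
To check that the mitigation above is actually in place on a host, the following added example (not part of the Red Hat advisory) audits a modprobe configuration directory and a `/proc/modules`-format file. The status words and function names are this example's own. The no-op `install` override it looks for is not mentioned on this page; it is standard modprobe.d behaviour, and the check is stricter because a `blacklist` line alone only disables alias-based autoloading.

```shell
#!/bin/sh
# Added example: audit the vhost-net blacklist mitigation (not Red Hat's script).
# Directories are parameters so the check runs on a test tree or the live host.

norm() { printf '%s' "$1" | tr '-' '_'; }   # modprobe treats '-' and '_' alike

# has_directive DIR KEYWORD MODULE: 0 if a DIR/*.conf line is "KEYWORD MODULE".
# For "install", the command must be a no-op (/bin/false or /bin/true).
has_directive() {
    dir=$1 kw=$2 mod=$(norm "$3")
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        while read -r word name rest || [ -n "$word" ]; do
            [ "$word" = "$kw" ] && [ "$(norm "$name")" = "$mod" ] || continue
            [ "$kw" != install ] && return 0
            case $rest in
                /bin/false|/bin/true|/usr/bin/false|/usr/bin/true) return 0 ;;
            esac
        done < "$f"
    done
    return 1
}

# audit_vhost_net MODPROBE_DIR PROC_MODULES_FILE: prints one status word.
#   loaded        module is in the running kernel (config applies after unload)
#   unmitigated   no "blacklist vhost_net" entry
#   autoload-off  blacklist only; an explicit "modprobe vhost_net" still loads it
#   blocked       blacklist plus no-op install override
audit_vhost_net() {
    if grep -q '^vhost_net ' "$2" 2>/dev/null; then echo loaded
    elif ! has_directive "$1" blacklist vhost_net; then echo unmitigated
    elif has_directive "$1" install vhost_net; then echo blocked
    else echo autoload-off
    fi
}

# Constructed sample tree (not real host data) to show the difference.
demo() {
    t=$(mktemp -d)
    printf 'blacklist vhost-net\n' > "$t/vhost.conf"
    : > "$t/modules"                      # empty stand-in for /proc/modules
    audit_vhost_net "$t" "$t/modules"     # blacklist only
    printf 'install vhost_net /bin/false\n' >> "$t/vhost.conf"
    audit_vhost_net "$t" "$t/modules"     # blacklist + install override
    rm -rf "$t"
}
demo
```

On a live system the call would be `audit_vhost_net /etc/modprobe.d /proc/modules`.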