Lucene search

K
redhatcveRedhat.comRH:CVE-2023-33203
HistoryJun 19, 2023 - 3:14 p.m.

CVE-2023-33203

2023-06-1915:14:48
redhat.com
access.redhat.com
19
cve-2023-33203
linux kernel
qualcomm emac
race condition
use-after-free
system crash

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.4%

A race condition vulnerability was found in the Linux kernel’s Qualcomm EMAC Gigabit Ethernet Controller when the user physically removes the device before cleanup in the emac_remove function. This flaw can eventually result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.4%