Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-3439
HistoryJun 28, 2023 - 12:00 a.m.

CVE-2023-3439

2023-06-2800:00:00
ubuntu.com
ubuntu.com
21
mctp protocol
linux kernel
use-after-free
denial of service
cap_net_admin privileges

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%

A flaw was found in the MCTP protocol in the Linux kernel. The function
mctp_unregister() reclaims the device’s relevant resource when a netcard
detaches. However, a running routine may be unaware of this and cause the
use-after-free of the mdev->addrs object, potentially leading to a denial
of service.

Bugs

Notes

Author Note
rodrigo-zaiden requires CAP_NET_ADMIN privileges.
OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-78.85UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1040.45UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1040.45~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1042.49UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1042.49~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-fde< 5.15.0-1042.49.1UNKNOWN
ubuntu20.04noarchlinux-azure-fde-5.15< 5.15.0-1042.49~20.04.1.1UNKNOWN
ubuntu22.04noarchlinux-bluefield< 5.15.0-1021.23UNKNOWN
ubuntu22.04noarchlinux-gcp< 5.15.0-1038.46UNKNOWN
ubuntu20.04noarchlinux-gcp-5.15< 5.15.0-1038.46~20.04.1UNKNOWN
Rows per page:
1-10 of 291

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%