CVE-2023-35827

2023-06-1800:00:00

ubuntu.com

linux kernel

use-after-free

ravb_remove

drivers

net

ethernet

renesas

bugzilla

redhat

suse

device removal

exploit

physical access

privileged access

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in the Linux kernel through 6.3.8. A use-after-free
was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.

Bugs

Notes

Author	Note
	Priority reason: Requires device removal to exploit, which requires either physical access or privileged access.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-171.189UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-94.104UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-17.17UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1118.128UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1053.58UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1013.13UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1053.58~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1118.128~18.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1123.130UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1056.64UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< 5.4.0-171.189	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-94.104	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-17.17	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1118.128	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1053.58	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1013.13	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1053.58~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1118.128~18.04.1	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1123.130	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1056.64	UNKNOWN