A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
12 Mar 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Mar 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Feb 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. |
30 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jan 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jan 2024, 19:43
Type | Values Removed | Values Added |
---|---|---|
Summary | A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem. | |
CPE | cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References |
|
|
References | () https://access.redhat.com/errata/RHSA-2023:7551 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7379 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7559 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7557 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7418 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20231208-0004/ - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7548 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7554 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7549 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7370 - Third Party Advisory |
08 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem. |
29 Nov 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-01 17:15
Updated : 2024-04-03 14:15
NVD link : CVE-2023-5178
Mitre link : CVE-2023-5178
CVE.ORG link : CVE-2023-5178
JSON object : View
Products Affected
redhat
- enterprise_linux
netapp
- active_iq_unified_manager
- solidfire_\&_hci_storage_node
- solidfire_\&_hci_management_node
linux
- linux_kernel
CWE
CWE-416
Use After Free