PT-2023-1616 · Linux+2 · Linux Kernel+2

Publicado

2023-01-02

Atualizado

2026-03-14

CVE-2023-23039

CVSS v3.1

5.7

Média

Vetor

AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.2.0-rc2

Description The issue is related to a race condition in the Linux kernel, specifically in the drivers/tty/vcc.c component. This condition can lead to a use-after-free scenario if an attacker physically removes a VCC device while the open() function is being called. The race condition occurs between the vcc open() and vcc remove() functions. The exploitation of this issue may allow an attacker to impact the integrity and availability of protected information.

Recommendations For Linux kernel versions through 6.2.0-rc2, as a temporary workaround, consider restricting access to the vcc open() and vcc remove() functions to minimize the risk of exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-416

Identificadores relacionados

ALT-PU-2023-1434

ALT-PU-2023-1539

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-13820

BDU:2023-01125

CVE-2023-23039

ECHO-5E00-E484-F600

Produtos afetados

Alt Linux

Debian

Linux Kernel

PT-2023-1616 · Linux+2 · Linux Kernel+2

CVE-2023-23039

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16