PT-2023-2854 · Linux+7 · Linux Kernel+7

Zheng Wang · Published 2023-03-20 · Updated 2024-11-21 · CVE-2023-33203

CVSS v3.1: 6.4 (Medium)

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.9
Description: The issue is a race condition and resultant use-after-free in the Linux kernel, specifically in the drivers/net/ethernet/qualcomm/emac/emac.c module. It occurs when a physically proximate attacker unplugs an emac-based device, potentially allowing the attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the emac remove() function.
Recommendations: For Linux kernel versions prior to 6.2.9, update to version 6.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the emac module to minimize the risk of exploitation.

Fix

Race Condition

Use After Free

Weakness Enumeration

Related identifiers

ALSA-2023:7077
ALT-PU-2023-1542
ALT-PU-2023-1650
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-26796
BDU:2023-02800
CESA-2023_6901
CESA-2023_7077
CVE-2023-33203
RHSA-2023:6583
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0412
RHSA-2024:0575
USN-6175-1
USN-6186-1
USN-6284-1
USN-6300-1
USN-6301-1
USN-6311-1
USN-6312-1
USN-6314-1
USN-6331-1
USN-6332-1
USN-6337-1
USN-6347-1

Affected products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
Ubuntu