PT-2022-6717 · Linux+5 · Linux Kernel+5

Dhananjay Arunesh

Published

2022-04-22

Updated

2025-03-10

CVE-2023-3439

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the MCTP protocol in the Linux kernel. The function mctp unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

ALT-PU-2023-4894

AZL-27329

AZL-27348

BDU:2023-03668

CVE-2023-3439

USN-6246-1

USN-6255-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2022-6717 · Linux+5 · Linux Kernel+5

CVE-2023-3439

Weakness Enumeration

Related Identifiers

Affected Products

References · 38