PT-2023-1616 · Linux+2 · Linux Kernel+2

Published

2023-01-02

Updated

2026-03-14

CVE-2023-23039

CVSS v3.1

5.7

Medium

Vector

AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.2.0-rc2

Description The issue is related to a race condition in the Linux kernel, specifically in the drivers/tty/vcc.c component. This condition can lead to a use-after-free scenario if an attacker physically removes a VCC device while the open() function is being called. The race condition occurs between the vcc open() and vcc remove() functions. The exploitation of this issue may allow an attacker to impact the integrity and availability of protected information.

Recommendations For Linux kernel versions through 6.2.0-rc2, as a temporary workaround, consider restricting access to the vcc open() and vcc remove() functions to minimize the risk of exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALT-PU-2023-1434

ALT-PU-2023-1539

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-13820

BDU:2023-01125

CVE-2023-23039

ECHO-5E00-E484-F600

Affected Products

Alt Linux

Debian

Linux Kernel

PT-2023-1616 · Linux+2 · Linux Kernel+2

CVE-2023-23039

Weakness Enumeration

Related Identifiers

Affected Products

References · 16