PT-2023-2854 · Linux+7 · Linux Kernel+7

Zheng Wang · Published 2023-03-20 · Updated 2024-11-21 · CVE-2023-33203

CVSS v3.1: 6.4 (Medium)

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2.9

Description

The issue is a race condition and resultant use-after-free in the Linux kernel, in drivers/net/ethernet/qualcomm/emac/emac.c. It occurs when a physically proximate attacker unplugs an emac-based device, potentially allowing the attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the emac_remove() function.

Recommendations

For Linux kernel versions prior to 6.2.9, update to version 6.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the emac module to minimize the risk of exploitation.

Fix

Race Condition

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2023:7077
ALT-PU-2023-1542
ALT-PU-2023-1650
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-26796
BDU:2023-02800
CESA-2023_6901
CESA-2023_7077
CVE-2023-33203
RHSA-2023:6583
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0412
RHSA-2024:0575
USN-6175-1
USN-6186-1
USN-6284-1
USN-6300-1
USN-6301-1
USN-6311-1
USN-6312-1
USN-6314-1
USN-6331-1
USN-6332-1
USN-6337-1
USN-6347-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Ubuntu