CVE-2023-51782

Published Jan 11, 2024

Last updated 10 months ago

CVSS high 7.0

Overview

Description: An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C35A7D-82A5-436F-925A-384D92679784",
            "versionEndExcluding": "6.6.8",
            "versionStartExcluding": "2.6.12"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References