Lucene search

K

[email protected]NVD:CVE-2023-1859

HistoryMay 17, 2023 - 11:15 p.m.

CVE-2023-1859

2023-05-1723:15:09

CWE-416

[email protected]

web.nvd.nist.gov

1

cve-2023-1859

xen

9pfs

linux kernel

use-after-free

local attacker

system crash

race problem

kernel information leak

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤6.2

OR

linuxlinux_kernelMatch6.3rc1

OR

linuxlinux_kernelMatch6.3rc2

OR

linuxlinux_kernelMatch6.3rc3

OR

linuxlinux_kernelMatch6.3rc4

OR

linuxlinux_kernelMatch6.3rc5

OR

linuxlinux_kernelMatch6.3rc6

References

lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz%40163.com/

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2023-1859

nessus34 redhatcve1 cve1 cbl_mariner2 ubuntu14 prion1 openvas30 debiancve1 fedora3 osv13 ubuntucve1 cvelist1 mageia2 photon2 debian2 slackware1 redos1 ics1