8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.1%
A use-after-free vulnerability was found in drivers/nvme/target/tcp.cin
nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in
the Linux kernel. This issue may allow a malicious user to cause a
use-after-free and double-free problem, which may permit remote code
execution or lead to local privilege escalation.
Author | Note |
---|---|
rodrigo-zaiden | first publication of USN-6536-1 wrongly announced that linux-azure on mantic fixed this issue in version 6.5.0-1009.9. It was fixed with USN-6573-1. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-169.187 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-91.101 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-39.40 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-14.14 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1116.126 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1051.56 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1017.17 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1011.11 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/d920abd1e7c4884f9ecd0749d1921b7ab19ddfbd
launchpad.net/bugs/cve/CVE-2023-5178
lore.kernel.org/linux-nvme/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2023-5178
security-tracker.debian.org/tracker/CVE-2023-5178
ubuntu.com/security/notices/USN-6497-1
ubuntu.com/security/notices/USN-6534-1
ubuntu.com/security/notices/USN-6534-2
ubuntu.com/security/notices/USN-6534-3
ubuntu.com/security/notices/USN-6536-1
ubuntu.com/security/notices/USN-6537-1
ubuntu.com/security/notices/USN-6548-1
ubuntu.com/security/notices/USN-6548-2
ubuntu.com/security/notices/USN-6548-3
ubuntu.com/security/notices/USN-6548-4
ubuntu.com/security/notices/USN-6548-5
ubuntu.com/security/notices/USN-6549-1
ubuntu.com/security/notices/USN-6549-2
ubuntu.com/security/notices/USN-6549-3
ubuntu.com/security/notices/USN-6549-4
ubuntu.com/security/notices/USN-6549-5
ubuntu.com/security/notices/USN-6573-1
ubuntu.com/security/notices/USN-6635-1
www.cve.org/CVERecord?id=CVE-2023-5178
www.openwall.com/lists/oss-security/2023/10/15/1
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.1%