CVE-2023-6270

2024-01-0400:00:00

ubuntu.com

linux kernel

ata over ethernet

denial of service

code execution

bugzilla

use-after-free

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel.
The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the
free on the struct and the access through the skbtxq global queue. This
could lead to a denial of service condition or potential code execution.

Bugs

Notes

Author	Note
	Priority reason: A use-after-free vulnerability accessible from an unprivileged user

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-226.238UNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< 5.15.0-112.122UNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< 6.8.0-35.35UNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< 4.4.0-256.290UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1169.182UNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1063.69UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-226.238	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-112.122	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< 6.8.0-35.35	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-256.290	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1169.182	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1063.69	UNKNOWN