Vulnerabilities > CVE-2023-4133 - Use After Free vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2023-08-03

Updated: 2024-04-30

Summary

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 2.4.35.2 Linux Linux Kernel 2.6.2 Linux Linux Kernel 2.6.8 Linux Linux Kernel 2.6.8.1 Linux Linux Kernel 2.6.9 Linux Linux Kernel 2.6.18.4 Linux Linux Kernel 2.6.18.5 Linux Linux Kernel 2.6.18.6 Linux Linux Kernel 2.6.19 Linux Linux Kernel 2.6.19.0 Linux Linux Kernel 2.6.19.1 Linux Linux Kernel 2.6.19.2 Linux Linux Kernel 2.6.19.3 Linux Linux Kernel 2.6.19.4 Linux Linux Kernel 2.6.20 Linux Linux Kernel 2.6.20.1 Linux Linux Kernel 2.6.20.2 Linux Linux Kernel 2.6.20.3 Linux Linux Kernel 2.6.20.4 Linux Linux Kernel 2.6.20.5 Linux Linux Kernel 2.6.20.6 Linux Linux Kernel 2.6.20.7 Linux Linux Kernel 2.6.20.10 Linux Linux Kernel 2.6.20.11 Linux Linux Kernel 2.6.20.12 Linux Linux Kernel 2.6.20.13 Linux Linux Kernel 2.6.20.14 Linux Linux Kernel 2.6.21 Linux Linux Kernel 2.6.22.3 Linux Linux Kernel 2.6.22.4 Linux Linux Kernel 2.6.22.5 Linux Linux Kernel 2.6.22.6 Linux Linux Kernel 2.6.22.7	46
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2
OS	Fedoraproject Fedoraproject Fedora -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References