First published: Wed May 18 2022(Updated: )
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel 5.18 | <25 | 25 |
Linux Kernel | <5.18_25 | |
Linux Kernel | >=4.13<4.14.317 | |
Linux Kernel | >=4.15<4.19.245 | |
Linux Kernel | >=4.20<5.4.196 | |
Linux Kernel | >=5.5<5.10.118 | |
Linux Kernel | >=5.11<5.15.42 | |
Linux Kernel | >=5.16<5.17.10 | |
NetApp H300S Firmware | ||
NetApp H410C Firmware | ||
NetApp H410S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-1838 has a high severity due to the potential for local attackers to crash systems or exploit kernel information leaks.
To fix CVE-2023-1838, update your Linux kernel to versions that are patched, such as those above 5.18 and specified remedied versions from Debian and IBM.
CVE-2023-1838 affects various versions of the Linux kernel, IBM Security Verify Governance, and specific NetApp models.
CVE-2023-1838 is a use-after-free vulnerability in the Linux kernel, specifically in the vhost_net_set_backend function.
While CVE-2023-1838 primarily allows for system crashes and information leaks, it does not directly lead to remote code execution.