First published: Wed Apr 05 2023(Updated: )
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Kernel | <6.3 | 6.3 |
Linux Kernel | <6.3 | |
Linux Kernel | >=4.9<4.14.311 | |
Linux Kernel | >=4.15<4.19.279 | |
Linux Kernel | >=4.20<5.4.238 | |
Linux Kernel | >=5.5<5.10.176 | |
Linux Kernel | >=5.11<5.15.104 | |
Linux Kernel | >=5.16<6.1.21 | |
Linux Kernel | >=6.2<6.2.8 | |
Linux Kernel | =6.3-rc1 | |
Linux Kernel | =6.3-rc2 | |
Linux Kernel | =6.3-rc3 | |
Debian GNU/Linux | =10.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
Debian | =10.0 | |
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
IBM Security Verify Governance, Identity Manager | <=ISVG 10.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-1855 has a high severity due to its potential to cause system crashes and kernel information leaks.
To fix CVE-2023-1855, update your Kernel to version 6.3 or upgrade to specified fixed versions in Debian and IBM Security Verify components.
CVE-2023-1855 affects the Hardware Monitoring Linux Kernel Driver in various Linux kernel versions prior to 6.3 and specific versions of IBM Security Verify components.
CVE-2023-1855 is primarily a local vulnerability, meaning it requires local access to exploit the use-after-free flaw.
Currently, there is no recommended workaround for CVE-2023-1855, so applying the available updates is the best mitigation strategy.