First published: Wed Nov 08 2023(Updated: )
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Kernel | <6.5 | 6.5 |
Linux Linux kernel | <6.5 | |
Linux Linux kernel | =6.5-rc1 | |
Linux Linux kernel | =6.5-rc2 | |
Linux Linux kernel | =6.5-rc3 | |
Linux Linux kernel | =6.5-rc4 | |
debian/linux | <=6.1.115-1<=6.1.119-1 | 5.10.223-1 5.10.226-1 6.12.5-1 |
<6.5 | ||
=6.5-rc1 | ||
=6.5-rc2 | ||
=6.5-rc3 | ||
=6.5-rc4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-6039 is a use-after-free vulnerability in the lan78xx_disconnect function in the drivers/net/usb/lan78xx.c file in the Linux Kernel.
The severity of CVE-2023-6039 is medium with a score of 5.5.
Red Hat Kernel 6.5 is affected by CVE-2023-6039.
A local attacker can exploit CVE-2023-6039 by detaching the LAN78XX USB device, which causes a use-after-free flaw and may crash the system.
More information about CVE-2023-6039 can be found at the Red Hat Security Advisory and the GitHub commit referenced in the description.