Vulnerability Description
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2157270Issue TrackingPatch
- https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f1Broken LinkPatch
- https://security.netapp.com/advisory/ntap-20230413-0010/
- https://bugzilla.redhat.com/show_bug.cgi?id=2157270Issue TrackingPatch
- https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f1Broken LinkPatch
- https://security.netapp.com/advisory/ntap-20230413-0010/
- https://bugzilla.redhat.com/show_bug.cgi?id=2157270Issue TrackingPatch
FAQ
What is CVE-2023-0030?
CVE-2023-0030 is a vulnerability with a CVSS score of 7.8 (HIGH). A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or ...
How severe is CVE-2023-0030?
CVE-2023-0030 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0030?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.