Vulnerability Description
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.13, < 4.14.317 |
| Netapp | H300S | - |
| Netapp | H410C | - |
| Netapp | H410S | - |
| Netapp | H500S | - |
| Netapp | H700S | - |
Related Weaknesses (CWE)
References
- https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230517-0003/Third Party AdvisoryVDB Entry
- https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230517-0003/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2023-1838?
CVE-2023-1838 is a vulnerability with a CVSS score of 7.1 (HIGH). A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash...
How severe is CVE-2023-1838?
CVE-2023-1838 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1838?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp H300S, Netapp H410C, Netapp H410S, Netapp H500S.