A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:1659 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2023-1476 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2176035 | Issue Tracking |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 | Mailing List, Patch |
History
13 Nov 2023, 17:52
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.0 |
CWE | CWE-416 | |
First Time | Linux; Redhat; Redhat enterprise Linux For Power Little Endian; Redhat enterprise Linux Eus; Redhat enterprise Linux For Power Little Endian Eus; Redhat enterprise Linux Server Tus; Redhat enterprise Linux; Linux linux Kernel | |
CPE | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2176035 - Issue Tracking | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 - Mailing List, Patch | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1659 - Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-1476 - Third Party Advisory |
03 Nov 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-03 09:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-1476
Mitre link : CVE-2023-1476
CVE.ORG link : CVE-2023-1476
Products Affected
redhat
- enterprise_linux
- enterprise_linux_for_power_little_endian
- enterprise_linux_eus
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_server_tus
linux
- linux_kernel
CWE
CWE-416
Use After Free