// For flags

CVE-2023-1838

kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem.

Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that the virtio network implementation in the Linux kernel did not properly handle file references in the host, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-04-04 CVE Reserved
  • 2023-04-05 CVE Published
  • 2024-08-02 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 4.13 < 4.14.317
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 4.14.317"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 4.15 < 4.19.245
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.245"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 4.20 < 5.4.196
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.196"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 5.5 < 5.10.118
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.118"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 5.11 < 5.15.42
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.42"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 5.16 < 5.17.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 5.17.10"
-
Affected
Netapp
Search vendor "Netapp"
 H300s
Search vendor "Netapp" for product "H300s"
--
Affected
Netapp
Search vendor "Netapp"
 H410c
Search vendor "Netapp" for product "H410c"
--
Affected
Netapp
Search vendor "Netapp"
 H410s
Search vendor "Netapp" for product "H410s"
--
Affected
Netapp
Search vendor "Netapp"
 H500s
Search vendor "Netapp" for product "H500s"
--
Affected
Netapp
Search vendor "Netapp"
 H700s
Search vendor "Netapp" for product "H700s"
--
Affected