CVE-2023-52667

net/mlx5e: fix a potential double-free in fs_any_create_groups

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: fix a potential double-free in fs_any_create_groups

When kcalloc() for ft->g succeeds but kvzalloc() for in fails,
fs_any_create_groups() will free ft->g. However, its caller
fs_any_create_table() will free ft->g again through calling
mlx5e_destroy_flow_table(), which will lead to a double-free.
Fix this by setting ft->g to NULL in fs_any_create_groups().

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: corrige una posible double free en fs_any_create_groups Cuando kcalloc() para ft->g tiene éxito pero kvzalloc() para in falla, fs_any_create_groups() liberará ft-> gramo. Sin embargo, su llamador fs_any_create_table() liberará ft->g nuevamente llamando a mlx5e_destroy_flow_table(), lo que conducirá a un double free. Solucione este problema configurando ft->g en NULL en fs_any_create_groups().

A double-free flaw was found in the Linux kernel ConnectX-4 and Connect-IB cards in the Mellanox driver. This issue could allow a local user to crash the system.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.7

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-07 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-415: Double Free

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/0f575c20bf0686caf3d82d6c626c2e1e4a4c36e6	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/72a729868592752b5a294d27453da264106983b1	2024-02-23
https://git.kernel.org/stable/c/b2fa86b2aceb4bc9ada51cea90f61546d7512cbe	2024-02-01
https://git.kernel.org/stable/c/2897c981ee63e1be5e530b1042484626a10b26d8	2024-02-01
https://git.kernel.org/stable/c/65a4ade8a6d205979292e88beeb6a626ddbd4779	2024-02-01
https://git.kernel.org/stable/c/aef855df7e1bbd5aa4484851561211500b22707e	2024-01-24

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52667	2024-07-29
https://bugzilla.redhat.com/show_bug.cgi?id=2281350	2024-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.1.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.8"		en		Affected