CVE-2023-6270

Updated: 2024-11-30 03:53:11.985916

Description:

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.0 HIGH Released 2024-07-04 11:20:53
AlmaLinux 9.2 FIPS kernel 5.14.0 7.0 HIGH Released 2024-07-04 11:20:53
CentOS 6 ELS kernel 2.6.32 7.0 HIGH Released CLSA-2024:1724774331 2024-09-09 12:20:27
CentOS 7 ELS kernel 3.10.0 7.0 HIGH Released 2024-08-21 12:22:52
CentOS 8.4 ELS kernel 4.18.0 7.0 HIGH Not Vulnerable 2024-07-08 10:11:30
CentOS 8.5 ELS kernel 4.18.0 7.0 HIGH Not Vulnerable 2024-07-08 10:11:30
CloudLinux 6 ELS kernel 2.6.32 7.0 HIGH Ignored 2025-01-10 22:44:00
Oracle Linux 6 ELS kernel 2.6.32 7.0 HIGH Released CLSA-2024:1725187614 2024-09-01 12:18:36
Ubuntu 16.04 ELS linux 4.4.0 7.0 HIGH Released 2024-07-04 14:20:10
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.0 HIGH Released 2024-07-04 11:20:54
Total: 11