Kernel UAF in vhost_net_set_backend (virtio-net) via double fget
CVE-2023-1838 Published on April 5, 2023

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2023-1838 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2023-1838

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-1838 are published in these products:

Linux Kernel

NetApp H300s

NetApp H500s

NetApp H700s

NetApp H410s

NetApp H410c

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.02%

Percentile

4.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Kernel UAF in vhost_net_set_backend (virtio-net) via double fgetCVE-2023-1838 Published on April 5, 2023

Weakness Type

What is a Dangling pointer Vulnerability?

Products Associated with CVE-2023-1838

Exploit Probability

Kernel UAF in vhost_net_set_backend (virtio-net) via double fget
CVE-2023-1838 Published on April 5, 2023