UAF in Linux NVMe/TCP nvmet_tcp_free_crypto enabling RCE
CVE-2023-5178 Published on November 1, 2023

Kernel: use after free in nvmet_tcp_free_crypto in nvme
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-5178 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Timeline

2023-10-03

Reported to Red Hat.

2023-10-15

Made public. 12 days later.

Weakness Type

CWE-1341

Products Associated with CVE-2023-5178

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-5178 are published in these products:

Linux Kernel

Red Hat Enterprise Linux (RHEL)

Canonical Ubuntu Linux

NetApp Solidfire Hci Management Node

NetApp Active Iq Unified Manager

NetApp Solidfire Hci Storage Node

Red Hat Rhel E4s

Red Hat Rhel Tus

Red Hat Rhel Aus

Red Hat Rhel Eus

Red Hat Rhev Hypervisor

Linux Kernel

Affected Versions

Red Hat Enterprise Linux 8:

Version 0:4.18.0-513.9.1.rt7.311.el8_9 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:4.18.0-513.9.1.el8_9 and below * is unaffected.

Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8.2 Advanced Update Support:

Version 0:4.18.0-193.128.1.el8_2 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Telecommunications Update Service:

Version 0:4.18.0-193.128.1.rt13.179.el8_2 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Telecommunications Update Service:

Version 0:4.18.0-193.128.1.el8_2 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions:

Version 0:4.18.0-193.128.1.el8_2 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:

Version 0:4.18.0-305.114.1.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Telecommunications Update Service:

Version 0:4.18.0-305.114.1.rt7.190.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Telecommunications Update Service:

Version 0:4.18.0-305.114.1.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions:

Version 0:4.18.0-305.114.1.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions: Red Hat Enterprise Linux 8.6 Extended Update Support: Red Hat Enterprise Linux 8.6 Extended Update Support:

Version 0:4.18.0-372.87.1.el8_6 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Extended Update Support: Red Hat Enterprise Linux 8.8 Extended Update Support:

Version 0:4.18.0-477.43.1.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:5.14.0-362.18.1.el9_3 and below * is unaffected.

Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9:

Version 0:5.14.0-362.18.1.el9_3 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Extended Update Support:

Version 0:5.14.0-70.85.1.el9_0 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Extended Update Support:

Version 0:5.14.0-70.85.1.rt21.156.el9_0 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Extended Update Support: Red Hat Enterprise Linux 9.2 Extended Update Support:

Version 0:5.14.0-284.40.1.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Extended Update Support:

Version 0:5.14.0-284.40.1.rt14.325.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Extended Update Support: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8:

Version 0:4.18.0-372.87.1.el8_6 and below * is unaffected.

Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 9:

Exploit Probability

EPSS

8.36%

Percentile

92.12%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

UAF in Linux NVMe/TCP nvmet_tcp_free_crypto enabling RCECVE-2023-5178 Published on November 1, 2023

Vulnerability Analysis

Timeline

Weakness Type

Products Associated with CVE-2023-5178

Affected Versions

Exploit Probability

UAF in Linux NVMe/TCP nvmet_tcp_free_crypto enabling RCE
CVE-2023-5178 Published on November 1, 2023