A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:1659 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2023-1476 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2176035 | Issue Tracking |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 | Mailing List, Patch |
History
13 Nov 2023, 17:52
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.0 |
First Time | Redhat; Linux; Redhat enterprise Linux Server Tus; Redhat enterprise Linux For Power Little Endian Eus; Redhat enterprise Linux; Linux linux Kernel; Redhat enterprise Linux Eus; Redhat enterprise Linux For Power Little Endian | |
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2176035 - Issue Tracking | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1659 - Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 - Mailing List, Patch | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-1476 - Third Party Advisory |
03 Nov 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-03 09:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-1476
Mitre link : CVE-2023-1476
CVE.ORG link : CVE-2023-1476
Products Affected
redhat
- enterprise_linux
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_for_power_little_endian
- enterprise_linux_for_power_little_endian_eus
linux
- linux_kernel
CWE
CWE-416
Use After Free