linux kernelUAF漏洞(CVE-2023-4387)

admin

0
文章

0
评论

2023-11-29 21:22:55 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 linux kernelUAF漏洞(CVE-2023-4387)

CVE编号

CVE-2023-4387

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-08-17

漏洞描述

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

解决建议

"将组件 linux_kernel 升级至 5.18 及以上版本"

参考链接
https://access.redhat.com/security/cve/CVE-2023-4387
https://bugzilla.redhat.com/show_bug.cgi?id=2219270
https://github.com/torvalds/linux/commit/9e7fef9521e73ca8afd7da9e58c14654b02dfad8

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	amazon_2	kernel	*		Up to (excluding) 4.14.281-212.502.amzn2
	运行在以下环境
	系统	amazon_2023	kernel	*		Up to (excluding) 6.1.10-15.42.amzn2023
	运行在以下环境
	系统	amazon_AMI	kernel	*		Up to (excluding) 4.14.281-144.502.amzn1
	运行在以下环境
	系统	debian_10	linux	*		Up to (excluding) 4.19.249-1
	运行在以下环境
	系统	debian_11	linux	*		Up to (excluding) 5.10.120-1
	运行在以下环境
	系统	debian_12	linux	*		Up to (excluding) 5.17.11-1
	运行在以下环境
	系统	debian_sid	linux	*		Up to (excluding) 5.17.11-1
	运行在以下环境
	系统	linux	linux_kernel	*		Up to (excluding) 5.18
	运行在以下环境
	系统	oracle_6	kernel	*		Up to (excluding) 4.1.12-124.79.2.el7uek
	运行在以下环境
	系统	redhat	enterprise_linux	6.0	-
	运行在以下环境
	系统	redhat	enterprise_linux	7.0	-
	运行在以下环境
	系统	redhat	enterprise_linux	8.0	-
	运行在以下环境
	系统	redhat	enterprise_linux	9.0	-
	运行在以下环境
	系统	suse_12_SP5	kernel	*		Up to (excluding) 4.12.14-122.176.1
	运行在以下环境
	系统	ubuntu_18.04	linux-hwe-5.4	*		Up to (excluding) 4.15.0-191.202
	运行在以下环境
	系统	ubuntu_20.04	linux-bluefield	*		Up to (excluding) 5.4.0-1053.56
	运行在以下环境
	系统	ubuntu_22.04	linux	*		Up to (excluding) 5.15.0-1019.24
	运行在以下环境
	系统	unionos_a	kernel	*		Up to (excluding) 5.10.0-12.uelc20
	运行在以下环境
	系统	unionos_e	kernel	*		Up to (excluding) 5.10.0-12.uel20