7.8
CVE-2023-6932
- EPSS 0.05%
- Veröffentlicht 19.12.2023 14:15:08
- Zuletzt bearbeitet 25.11.2025 17:29:00
- Quelle cve-coordination@google.com
- CVE-Watchlists
- Unerledigt
LoginA use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Linux ≫ Linux Kernel Version < 4.14.332
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.301
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.263
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.203
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.142
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.66
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.152 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cve-coordination@google.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.