1. Home
  2. Vulnerabilities
  3. CVE-2023-1192

CVE-2023-1192

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.05 % (20th)
0.05% Progress
Affected Products 2
Advisories 25
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2023-11-01 20:15:08
(10 months ago)
Updated Date
2024-03-07 17:15:09
(6 months ago)

Affected Products

Linux

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 6.4 version cpe:2.3:o:linux:linux_kernel < 6.4

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux 9.0 cpe:2.3:o:redhat:enterprise_linux:9.0