CVE-2023-23039
Published: October 18, 2023Last modified: April 16, 2024
Description
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.7 |
Attack Vector | PHYSICAL |
Attack complexity | HIGH |
Privileges required | NONE |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | NONE |
Integrity impact | HIGH |
Availability impact | HIGH |
Vector | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | Stream | linux-lts | Not affected (6.1.33-r0) |