Executive Summary

Informations
Name CVE-2023-5178 First vendor Publication 2023-11-01
Vendor Cve Last vendor Modification 2024-02-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-416 Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Application 1
Application 1
Application 1
Os 3554
Os 2

Sources (Detail)

https://access.redhat.com/errata/RHSA-2023:7370
https://access.redhat.com/errata/RHSA-2023:7379
https://access.redhat.com/errata/RHSA-2023:7418
https://access.redhat.com/errata/RHSA-2023:7548
https://access.redhat.com/errata/RHSA-2023:7549
https://access.redhat.com/errata/RHSA-2023:7551
https://access.redhat.com/errata/RHSA-2023:7554
https://access.redhat.com/errata/RHSA-2023:7557
https://access.redhat.com/errata/RHSA-2023:7559
https://access.redhat.com/errata/RHSA-2024:0340
https://access.redhat.com/errata/RHSA-2024:0378
https://access.redhat.com/errata/RHSA-2024:0386
https://access.redhat.com/errata/RHSA-2024:0412
https://access.redhat.com/errata/RHSA-2024:0431
https://access.redhat.com/errata/RHSA-2024:0432
https://access.redhat.com/errata/RHSA-2024:0461
https://access.redhat.com/errata/RHSA-2024:0554
https://access.redhat.com/errata/RHSA-2024:0575
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
https://security.netapp.com/advisory/ntap-20231208-0004/
Source Url
MISC https://access.redhat.com/security/cve/CVE-2023-5178
https://bugzilla.redhat.com/show_bug.cgi?id=2241924
https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Date Informations
2024-02-08 00:27:47
  • Multiple Updates
2024-02-01 21:28:06
  • Multiple Updates
2024-02-01 17:26:55
  • Multiple Updates
2024-02-01 13:27:50
  • Multiple Updates
2024-02-01 12:31:29
  • Multiple Updates
2024-01-31 02:38:38
  • Multiple Updates
2024-01-31 02:37:28
  • Multiple Updates
2024-01-30 21:27:49
  • Multiple Updates
2024-01-30 09:27:45
  • Multiple Updates
2024-01-25 21:27:47
  • Multiple Updates
2024-01-25 13:27:50
  • Multiple Updates
2024-01-17 00:27:43
  • Multiple Updates
2024-01-15 21:27:39
  • Multiple Updates
2024-01-12 00:27:50
  • Multiple Updates
2023-12-29 02:39:19
  • Multiple Updates
2023-12-09 00:27:44
  • Multiple Updates
2023-12-05 17:27:42
  • Multiple Updates
2023-11-29 05:27:45
  • Multiple Updates
2023-11-28 21:27:43
  • Multiple Updates
2023-11-22 02:37:41
  • Multiple Updates
2023-11-21 21:27:46
  • Multiple Updates
2023-11-21 17:27:50
  • Multiple Updates
2023-11-09 21:27:37
  • Multiple Updates
2023-11-07 21:27:13
  • Multiple Updates
2023-11-01 21:27:23
  • First insertion