Published: 09/11/2023 Updated: 30/04/2024

CVSS v3 Base Score: 6.4 | Impact Score: 5.9 | Exploitability Score: 0.5

VMScore: 0

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an malicious user to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 6.5
linux linux kernel
fedoraproject fedora 38
redhat enterprise linux 8.0
redhat enterprise linux 9.0

A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel (CVE-2023-39198) An issue was discovered in the Linux kernel through 659 During a race with SQ thread exit, an io_uring/fdinfoc io_uring_show_fdinfo NULL pointer dereference can occur (CVE-2023-46862) An out-of-bounds read vulnerability was foun ...

A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel (CVE-2023-39198) A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object ...

CWE-416 https://access.redhat.com/security/cve/CVE-2023-39198 https://bugzilla.redhat.com/show_bug.cgi?id=2218332 https://access.redhat.com/errata/RHSA-2024:2394 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-045.html

CVE-2023-39198

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect