Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-6270

Published: 04/01/2024 Updated: 10/01/2024
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 0
Subscribe to Linux

Vulnerability Summary

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. (CVE-2023-6270) In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel up to and including 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. (CVE-2024-23849)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel -

fedoraproject fedora 39

Vendor Advisories

Amazon Linux AMI: ALAS-2024-1923
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue This could lead to a denial of service condition or potentia ...
Red Hat:
Description<!---->A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue This could lead to a denial of service con ...
Amazon Linux 2: ALAS-2024-2475
dm_table_create in drivers/md/dm-tablec in the Linux kernel through 674 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctltarget_count (CVE-2023-52429) A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel The aoecmd_cfg_pkts() function improperly ...
Amazon Linux 2: ALASKERNEL-5.4-2024-062
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue This could lead to a denial of service condition or potentia ...
Amazon Linux 2: ALASKERNEL-5.10-2024-053
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue This could lead to a denial of service condition or potentia ...

References

CWE-416https://access.redhat.com/security/cve/CVE-2023-6270https://bugzilla.redhat.com/show_bug.cgi?id=2256786https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2024-1923.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook