CVE-2023-1652

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.

Published: Mar 29, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-1652
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.2-rc1	6.2-rc1.x
linux / linux_kernel	6.2-rc2	6.2-rc2.x
linux / linux_kernel	6.2-rc3	6.2-rc3.x
linux / linux_kernel	6.2-rc4	6.2-rc4.x
redhat / enterprise_linux	9.0	9.0.x
linux / linux_kernel	5.16	6.1.9
linux / linux_kernel	5.14	5.15.91

https://access.redhat.com/security/cve/cve-2023-1652
https://security.netapp.com/advisory/ntap-20230511-0006/

Vulnerability Database

291,049

CVE-2023-1652