CVE-2023-33203

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

Published: May 18, 2023
Updated: May 27, 2023
CVE: CVE-2023-33203
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	6.2.9
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=2192667
https://bugzilla.suse.com/show_bug.cgi?id=1210685
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75

Vulnerability Database

290,922

CVE-2023-33203