CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.5-rc1 | 6.5-rc1.x |
| linux / linux_kernel | - | 6.5 |
| linux / linux_kernel | 6.5-rc2 | 6.5-rc2.x |
| linux / linux_kernel | 6.5-rc3 | 6.5-rc3.x |
| linux / linux_kernel | 6.5-rc4 | 6.5-rc4.x |
| linux / linux_kernel | 6.5-rc5 | 6.5-rc5.x |
| linux / linux_kernel | 6.5-rc6 | 6.5-rc6.x |
| fedoraproject / fedora | 38 | 38.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux | 9.0 | 9.0.x |
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-39198
- https://bugzilla.redhat.com/show_bug.cgi?id=2218332
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime