CVE-2023-4387

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

Published: Aug 16, 2023
Updated: Aug 23, 2023
CVE: CVE-2023-4387
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
linux / linux_kernel	4.10	4.14.281
linux / linux_kernel	4.15	4.19.245
linux / linux_kernel	4.20	5.4.196
linux / linux_kernel	5.5	5.10.118
linux / linux_kernel	5.11	5.15.42
linux / linux_kernel	5.16	5.17.10
linux / linux_kernel	4.4	4.9.316
linux / linux_kernel	3.16.60	3.17

https://access.redhat.com/errata/RHSA-2022:7683
https://access.redhat.com/errata/RHSA-2022:8267
https://access.redhat.com/security/cve/CVE-2023-4387
https://bugzilla.redhat.com/show_bug.cgi?id=2219270
https://github.com/torvalds/linux/commit/9e7fef9521e73ca8afd7da9e58c14654b02dfad8

Vulnerability Database

290,301

CVE-2023-4387