CVE-2023-6270

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution.

Published: Jan 4, 2024
Updated: Jan 11, 2024
CVE: CVE-2023-6270
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	39	39.x
debian / debian_linux	10.0	10.0.x
linux / linux_kernel	-	6.9

https://access.redhat.com/security/cve/CVE-2023-6270
https://bugzilla.redhat.com/show_bug.cgi?id=2256786
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/aoe?h=v6.9&id=f98364e926626c678fb4b9004b75cacf92ff0662

Vulnerability Database

290,922

CVE-2023-6270