CVE-2023-1855

MEDIUM6.3

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon

Published Apr 5, 2023

Modified 11 months ago

No fix available

Details

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.

References

WEBhttps://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 WEBhttps://lists.debian.org/debian-lts-announce/2023/05/msg00005.html WEBhttps://lists.debian.org/debian-lts-announce/2023/05/msg00006.html WEBhttps://lore.kernel.org/all/20230318122758.2140868-1-linux%40roeck-us.net/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-1855

CVSS Analysis

CVSS v3.1

6.3

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

HighA:H

6.3/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness Type (CWE)

Memory Safety

CWE-416

Use After Free

Ecosystems

Timeline

PublishedApr 5, 2023

ModifiedFeb 12, 2025