Vulnerability Details : CVE-2023-5178
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
Vulnerability category: Memory CorruptionExecute codeGain privilege
Products affected by CVE-2023-5178
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5178
3.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5178
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-01-16 |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Red Hat, Inc. | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Red Hat, Inc. | 2024-01-15 |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
N/A
|
N/A
|
RedHat-CVE-2023-5178 |
CWE ids for CVE-2023-5178
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-5178
-
https://access.redhat.com/security/cve/CVE-2023-5178
CVE-2023-5178- Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7548
RHSA-2023:7548 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20231208-0004/
CVE-2023-5178 Linux Kernel Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0378
RHSA-2024:0378 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1269
RHSA-2024:1269 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7418
RHSA-2023:7418 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1278
RHSA-2024:1278 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0554
RHSA-2024:0554 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7559
RHSA-2023:7559 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7557
RHSA-2023:7557 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0432
RHSA-2024:0432 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0461
RHSA-2024:0461 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7549
RHSA-2023:7549 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7554
RHSA-2023:7554 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/
[PATCH] nvmet-tcp: Fix a possible UAF in queue intialization setup - Sagi GrimbergMailing List;Patch;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2023:7370
RHSA-2023:7370 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0412
RHSA-2024:0412 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0386
RHSA-2024:0386 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7551
RHSA-2023:7551 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0431
RHSA-2024:0431 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7379
RHSA-2023:7379 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0575
RHSA-2024:0575 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
[SECURITY] [DLA 3711-1] linux-5.10 security updateMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2241924
2241924 – (CVE-2023-5178) CVE-2023-5178 kernel: use after free in nvmet_tcp_free_crypto in NVMeIssue Tracking;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0340
RHSA-2024:0340 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1268
RHSA-2024:1268 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to