CVE-2023-52664

CVE Details

Release Date:2024-05-17

Description


In the Linux kernel, the following vulnerability has been resolved:\nnet: atlantic: eliminate double free in error handling logic\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer.

See more information about CVE-2023-52664 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 9 (kernel)ELSA-2024-93152024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete