Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-5178

UNKNOWN
Published 2023-11-01T16:32:20.350Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-5178. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
8.8
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.053
probability
of exploitation in the wild

There is a 5.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.930
Higher than 93.0% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:4.18.0-513.9.1.rt7.311.el8_9
Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:4.18.0-513.9.1.el8_9
Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected Versions:

0:4.18.0-193.128.1.el8_2
Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected Versions:

0:4.18.0-193.128.1.rt13.179.el8_2
Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected Versions:

0:4.18.0-193.128.1.el8_2
Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Affected Versions:

0:4.18.0-193.128.1.el8_2
Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected Versions:

0:4.18.0-305.114.1.el8_4
Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected Versions:

0:4.18.0-305.114.1.rt7.190.el8_4
Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected Versions:

0:4.18.0-305.114.1.el8_4
Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected Versions:

0:4.18.0-305.114.1.el8_4
Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

Affected Versions:

0:4.18.0-372.87.1.el8_6
Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

Affected Versions:

0:4.18.0-477.43.1.el8_8
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:5.14.0-362.18.1.el9_3
Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:5.14.0-362.18.1.el9_3
Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

Affected Versions:

0:5.14.0-70.85.1.el9_0
Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

Affected Versions:

0:5.14.0-70.85.1.rt21.156.el9_0
Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

0:5.14.0-284.40.1.el9_2
Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

0:5.14.0-284.40.1.rt14.325.el9_2
Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Red Hat

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Affected Versions:

0:4.18.0-372.87.1.el8_6
Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-xr9j-c7v6-7542

Advisory Details

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-5178
WEB https://security.netapp.com/advisory/ntap-20231208-0004
WEB https://lore.kernel.org/linux-nvme/[email protected]
WEB https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2241924
WEB https://access.redhat.com/security/cve/CVE-2023-5178
WEB https://access.redhat.com/errata/RHSA-2024:1278
WEB https://access.redhat.com/errata/RHSA-2024:1269
WEB https://access.redhat.com/errata/RHSA-2024:1268
WEB https://access.redhat.com/errata/RHSA-2024:0575
WEB https://access.redhat.com/errata/RHSA-2024:0554
WEB https://access.redhat.com/errata/RHSA-2024:0461
WEB https://access.redhat.com/errata/RHSA-2024:0432
WEB https://access.redhat.com/errata/RHSA-2024:0431
WEB https://access.redhat.com/errata/RHSA-2024:0412
WEB https://access.redhat.com/errata/RHSA-2024:0386
WEB https://access.redhat.com/errata/RHSA-2024:0378
WEB https://access.redhat.com/errata/RHSA-2024:0340
WEB https://access.redhat.com/errata/RHSA-2023:7559
WEB https://access.redhat.com/errata/RHSA-2023:7557
WEB https://access.redhat.com/errata/RHSA-2023:7554
WEB https://access.redhat.com/errata/RHSA-2023:7551
WEB https://access.redhat.com/errata/RHSA-2023:7549
WEB https://access.redhat.com/errata/RHSA-2023:7548
WEB https://access.redhat.com/errata/RHSA-2023:7418
WEB https://access.redhat.com/errata/RHSA-2023:7379
WEB https://access.redhat.com/errata/RHSA-2023:7370

Advisory provided by GitHub Security Advisory Database. Published: November 1, 2023, Modified: March 12, 2024

References

https://access.redhat.com/errata/RHSA-2023:7370
https://access.redhat.com/errata/RHSA-2023:7379
https://access.redhat.com/errata/RHSA-2023:7418
https://access.redhat.com/errata/RHSA-2023:7548
https://access.redhat.com/errata/RHSA-2023:7549
https://access.redhat.com/errata/RHSA-2023:7551
https://access.redhat.com/errata/RHSA-2023:7554
https://access.redhat.com/errata/RHSA-2023:7557
https://access.redhat.com/errata/RHSA-2023:7559
https://access.redhat.com/errata/RHSA-2024:0340
https://access.redhat.com/errata/RHSA-2024:0378
https://access.redhat.com/errata/RHSA-2024:0386
https://access.redhat.com/errata/RHSA-2024:0412
https://access.redhat.com/errata/RHSA-2024:0431
https://access.redhat.com/errata/RHSA-2024:0432
https://access.redhat.com/errata/RHSA-2024:0461
https://access.redhat.com/errata/RHSA-2024:0554
https://access.redhat.com/errata/RHSA-2024:0575
https://access.redhat.com/errata/RHSA-2024:1268
https://access.redhat.com/errata/RHSA-2024:1269
https://access.redhat.com/errata/RHSA-2024:1278
https://access.redhat.com/security/cve/CVE-2023-5178
https://bugzilla.redhat.com/show_bug.cgi?id=2241924
https://lore.kernel.org/linux-nvme/[email protected]/
Published: 2023-11-01T16:32:20.350Z
Last Modified: 2024-11-15T16:34:05.261Z
Copied to clipboard!