Fluid Attacks Database

Description

A flaw was found in the Linux kernel's netfilter component. When a virtual Ethernet (veth) device is released, the associated network namespace (netns) device memory may be prematurely freed. This can lead to a use-after-free vulnerability during the unregistration of netdev hooks. A local attacker with high privileges could exploit this flaw to cause a system crash, resulting in a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	linux	>=0 <6.3.7-1	6.3.7-1
debian 12	linux	=6.1.27-1 \|\| >=0 <6.1.37-1	6.1.37-1
debian 14	linux	>=0 <6.3.7-1	6.3.7-1
rpm rhel8	kernel-rt	-	-
rpm rhel8	kernel	-	-
rpm rhel9	kernel	<0:5.14.0-362.8.1.el9_3	0:5.14.0-362.8.1.el9_3
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-542002. NVD-2023-542003. OSV-DEBIAN-2023-542004. OSV-2023-542005. SECURITY-TRACKER-CVE-2023-54200

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.