QwikSec

Security Database

CVE

CWE

Training

CVE-2023-3439

Published: Jun 28, 2023

Modified: Mar 10, 2025

PUBLISHED

Description

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.

Vendor	Product	Versions
n/a	Linux Kernel (mctp)	affected `Fixed in kernel 5.18-rc5`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2217915

https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269

[oss-security] 20230702 CVE-2023-3439: Linux MCTP use-after-free in mctp_sendmsg

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.