CVE-2023-6270

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-6270

CGA ID

CGA-pw5c-4vj6-3p78

Severity

Unknown

Description

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution.

References

https://images.chainguard.dev/security/CGA-pw5c-4vj6-3p78
https://github.com/advisories/GHSA-prhq-c3gx-jhwg
https://bugzilla.redhat.com/show_bug.cgi?id=2256786
https://access.redhat.com/security/cve/CVE-2023-6270
https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/aoe?h=v6.9&id=f98364e926626c678fb4b9004b75cacf92ff0662
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://security-tracker.debian.org/tracker/CVE-2023-6270

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-6270

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources