CVE-2023-5178

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 1, 2023

Updated: Jun 18, 2024

CWE ID 416

Summary

CVE-2023-5178 is a use-after-free vulnerability discovered in the Linux kernel's NVMe/TCP subsystem, specifically in the `nvmet_tcp_free_crypto` function within `drivers/nvme/target/tcp.c`. This issue arises due to a logical bug and may result in both use-after-free and double-free conditions. A malicious user could potentially exploit this vulnerability, leading to remote code execution or local privilege escalation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/suWA0B
https://www.cve.org/CVERecord?id=CVE-2023-5178
https://nvd.nist.gov/vuln/detail/CVE-2023-5178

Back to Vulnerability Database

CVE-2023-5178

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations