CVE-2023-4132

Summary

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:4.18.0-513.5.1.rt7.307.el8_9 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.18.0-513.5.1.el8_9 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support0:4.18.0-372.91.1.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:4.18.0-477.43.1.el8_8 < *unaffected
Red HatRed Hat Virtualization 4 for Red Hat Enterprise Linux 80:4.18.0-372.91.1.el8_6 < *unaffected

Weaknesses

  • CWE-416: Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References