CVE-2023-53432

Summary

In the Linux kernel, the following vulnerability has been resolved:

firewire: net: fix use after free in fwnet_finish_incoming_packet()

The netif_rx() function frees the skb so we can't dereference it to save the skb->len.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc76acec6d55107b652a37c90b36c00bc8b04dabb < 2ea70379e4f4efa95c9daa7f3f9bdd4d40aec927affected
LinuxLinuxc76acec6d55107b652a37c90b36c00bc8b04dabb < 9040adc38cf6bfbb77034d558ac2c52f70d840acaffected
LinuxLinuxc76acec6d55107b652a37c90b36c00bc8b04dabb < 9860921ab4521252dc39bb21b9c936bd09a00982affected
LinuxLinuxc76acec6d55107b652a37c90b36c00bc8b04dabb < 3ff256751a2853e1ffaa36958ff933ccc98c6cb5affected
LinuxLinux2.6.31affected
LinuxLinux0 < 2.6.31unaffected
LinuxLinux5.15.128 <= 5.15.*unaffected
LinuxLinux6.1.47 <= 6.1.*unaffected
LinuxLinux6.4.12 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References