CVE-2023-6039

Summary

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

Affected Software

VendorProductVersion RangeStatus
n/aKernel6.5-rc5unaffected

Weaknesses

  • CWE-416: Use After Free

Workarounds

Mitigation for this issue is to skip loading the affected module "lan78xx" onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.

How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278 

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References