CVE-2023-1670

HIGH

Linux Kernel 2.6.18-4.14.312 - Use-After-Free in Xircom PCMCIA Ethernet Driver

Title source: llm

Description

A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

References (4)

Core 4

Core References

Mailing List

https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz%40163.com/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230526-0010/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Scores

CVSS v3 7.8

EPSS 0.0028

EPSS Percentile 19.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (1)

linux/linux_kernel 2.6.18 - 4.14.312

Published Mar 30, 2023

Tracked Since Feb 18, 2026