CVE-2023-35829

HIGH

Linux Kernel < 5.10.180 - Race Condition

Title source: rule

Description

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.

Exploits (1)

inthewild

poc

https://github.com/apkc/cve-2023-35829-poc

View on inthewild

References (5)

[Release Notes, Vendor Advisory] https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3228cec23b8b29215e18090c6ba635840190993d

[Third Party Advisory] https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a%40xs4all.nl/

[Mailing List, Third Party Advisory] https://lore.kernel.org/lkml/20230307173900.1299387-1-zyytlz.wz%40163.com/T/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20230803-0002/

Scores

CVSS v3 7.0

EPSS 0.0003

EPSS Percentile 10.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362 CWE-416

Status published

Products (5)

linux/linux_kernel 5.8 - 5.10.180

netapp/h300s

netapp/h410s

netapp/h500s

netapp/h700s

Published Jun 18, 2023

Tracked Since Feb 18, 2026