CVE-2023-39198
HIGHLinux Kernel < 6.5 - Use-After-Free in QXL Driver via Race Condition
Title source: llmDescription
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2394
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2950
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3138
Issue Tracking, Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-39198
Issue Tracking, Patch, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2218332
Scores
CVSS v3
7.5
EPSS
0.0001
EPSS Percentile
1.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (11)
fedoraproject/fedora
38
linux/linux_kernel
6.5 rc1 (6 CPE variants)
linux/linux_kernel
< 6.5
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:4.18.0-553.el8_10
Red Hat/Red Hat Enterprise Linux 8
0:4.18.0-553.rt7.342.el8_10
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Enterprise Linux 9
0:5.14.0-427.13.1.el9_4
redhat/enterprise_linux
8.0
... and 1 more
Published
Nov 09, 2023
Tracked Since
Feb 18, 2026