ГлавнаяУязвимости → CVE-2023-52846
7.8высокая

CVE-2023-52846

→ есть в БДУ: BDU:2024-10207 (на русском)
Описание (на английском; русское — в БДУ выше)

In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. So it's straight forward to fix bug by using the returned value.

Затрагиваемое ПО
Linux Linux kernel
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401dbhttps://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0dhttps://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827dahttps://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffdhttps://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db