Vulnerability DatabaseCVE-2023-52667
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-52667
May 17, 2024
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table() will free ft->g again through calling mlx5e_destroy_flow_table(), which will lead to a double-free. Fix this by setting ft->g to NULL in fs_any_create_groups().
Related Resources (8)
https://git.kernel.org/stable/c/72a729868592752b5a294d27453da264106983b1
https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52667.json
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
https://git.kernel.org/stable/c/2897c981ee63e1be5e530b1042484626a10b26d8
https://git.kernel.org/stable/c/b2fa86b2aceb4bc9ada51cea90f61546d7512cbe
https://git.kernel.org/stable/c/aef855df7e1bbd5aa4484851561211500b22707e
https://git.kernel.org/stable/c/65a4ade8a6d205979292e88beeb6a626ddbd4779
https://nvd.nist.gov/vuln/detail/CVE-2023-52667
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.5
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Double Free
CWE-415
EPSS
Base Score:
0.13