A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
CVE-2023-4459 - Medium Severity Vulnerability
Yocto Linux Embedded kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto
Found in HEAD commit: 662967c12efbaddc3a053fdcbe4461a3a774fd7f
Found in base branch: master
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
Publish Date: 2023-08-21
URL: CVE-2023-4459
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2023-4459
Release Date: 2023-08-21
Fix Resolution: v4.9.316,v4.14.281,v4.19.245,v5.4.196,v5.10.118,v5.15.42,v5.17.10,v5.18,v5.18
Step up your Open Source Security Game with Mend here