4735 – Bugfix for CVE-2023-1838

Bug 4735 - Bugfix for CVE-2023-1838

Summary: Bugfix for CVE-2023-1838

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 4.19 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S2-major
Target Milestone:	---
Assignee:	GuixinLiu
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Duplicates (1):	4897 (view as bug list)
Depends on:
Blocks:

Reported:	2023-04-07 11:19 UTC by tangbinzy
Modified:	2023-08-11 17:00 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tangbinzy cmss_group

2023-04-07 11:19:03 UTC

一、漏洞信息
漏洞编号：CVE-2023-1838
漏洞归属组件：kernel
漏洞归属的版本：4.19,5.10
CVSS V2.0分值：
BaseScore：0.0 Low
Vector：CVSS：2.0/
漏洞简述：
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
漏洞公开时间：2023-04-06 03:15:00
漏洞创建时间：2023-04-05 03:51:59
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2023-1838

Comment 1 maqiao alibaba_cloud_group

2023-07-05 15:59:28 UTC

merged: https://gitee.com/anolis/cloud-kernel/pulls/1546

Comment 2 Shiloong admin

2023-08-11 17:00:50 UTC

*** Bug 4897 has been marked as a duplicate of this bug. ***