A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.
References
Link | Resource |
---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a732b46736cd8a29092e4b0b1a9ba83e672bf89 | Mailing List Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230223-0005/ |
Configurations
Information
Published : 2023-01-12 11:15
Updated : 2023-02-23 11:15
NVD link : CVE-2022-3977
Mitre link : CVE-2022-3977
JSON object : View
CWE
No CWE.
Products Affected
linux
- linux_kernel