CVE-2023-3439 Information

Description

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device’s relevant resource when a netcard detaches. However a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object potentially leading to a denial of service.

Reference

https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269 https://bugzilla.redhat.com/show_bug.cgi?id=2217915