CVE-2023-2162

Summary

CVE	CVE-2023-2162
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-19 20:15:00 UTC
Updated	2023-05-03 14:15:00 UTC
Description	A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	6.2	-	All	All
Operating System	Linux	Linux Kernel	6.2	rc1	All	All
Operating System	Linux	Linux Kernel	6.2	rc2	All	All
Operating System	Linux	Linux Kernel	6.2	rc3	All	All
Operating System	Linux	Linux Kernel	6.2	rc4	All	All
Operating System	Linux	Linux Kernel	6.2	rc5	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 3404-1] linux-5.10 security update	MLIST	lists.debian.org
[SECURITY] [DLA 3403-1] linux security update	MLIST	lists.debian.org
[PATCH AUTOSEL 6.1 08/20] scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Linux SCSI)	MISC	www.spinics.net
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160719 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12375)
161277 Oracle Enterprise Linux Security Update for kernel (ELSA-2024-12069)
181765 Debian Security Update for linux-5.10 (DLA 3404-1)
181768 Debian Security Update for linux (DLA 3403-1)
184099 Debian Security Update for linux (CVE-2023-2162)
199342 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6080-1)
199343 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6079-1)
199346 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-6085-1)
199351 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6090-1)
199353 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6091-1)
199354 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6096-1)
199355 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6094-1)
199368 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-6109-1)
199376 Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6118-1)
199384 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6132-1)
199385 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6134-1)
199389 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6133-1)
199465 Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)
199504 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6092-1)
199512 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6084-1)
199569 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6095-1)
199589 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6081-1)
199614 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)
199617 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6254-1)
199764 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6385-1)
242759 Red Hat Update for kernel (RHSA-2024:0432)
242762 Red Hat Update for kernel (RHSA-2024:0403)
242789 Red Hat Update for kernel (RHSA-2024:0575)
242830 Red Hat Update for kernel-rt (RHSA-2024:0563)
242831 Red Hat Update for kernel (RHSA-2024:0562)
242845 Red Hat Update for kernel (RHSA-2024:0448)
242846 Red Hat Update for kernel-rt (RHSA-2024:0439)
242847 Red Hat Update for kernel-rt (RHSA-2024:0431)
242855 Red Hat Update for kernel (RHSA-2024:0412)
242862 Red Hat Update for kernel-rt (RHSA-2024:0402)
378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)
378889 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0036)
379043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)
390285 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2023-0017)
390286 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2023-0018)
390292 Oracle Managed Virtualization (VM) Server for x86 Security Update for None (OVMSA-2023-0016)
673214 EulerOS Security Update for kernel (EulerOS-SA-2023-2383)
673232 EulerOS Security Update for kernel (EulerOS-SA-2023-2357)
673261 EulerOS Security Update for kernel (EulerOS-SA-2023-2614)
673272 EulerOS Security Update for kernel (EulerOS-SA-2023-2584)
673393 EulerOS Security Update for kernel (EulerOS-SA-2023-2647)
674113 EulerOS Security Update for kernel (EulerOS-SA-2023-2689)
753980 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2151-1)
753981 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2146-1)
753982 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2148-1)
753985 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2162-1)
754005 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2163-1)
754023 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2232-1)
755851 SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)
906923 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26341-1)
906982 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26337-1)
941540 AlmaLinux Security Update for kernel (ALSA-2024:0113)
961107 Rocky Linux Security Update for kernel-rt (RLSA-2024:0134)