{"api_version":"1","generated_at":"2026-04-23T02:58:45+00:00","cve":"CVE-2023-3863","urls":{"html":"https://cve.report/CVE-2023-3863","api":"https://cve.report/api/cve/CVE-2023-3863.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3863","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3863"},"summary":{"title":"CVE-2023-3863","description":"A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-07-24 15:15:00","updated_at":"2024-02-02 14:15:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","name":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3623-1] linux-5.10 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5480","name":"https://www.debian.org/security/2023/dsa-5480","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5480-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5492","name":"https://www.debian.org/security/2023/dsa-5492","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5492-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10","name":"https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10","refsource":"MISC","tags":[],"title":"net: nfc: Fix use-after-free caused by nfc_llcp_find_local · torvalds/linux@6709d4b · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-3863","name":"https://access.redhat.com/security/cve/CVE-2023-3863","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2225126","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2225126","refsource":"MISC","tags":[],"title":"2225126 – (CVE-2023-3863) CVE-2023-3863 kernel: use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20240202-0002/","name":"https://security.netapp.com/advisory/ntap-20240202-0002/","refsource":"","tags":[],"title":"CVE-2023-3863 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3863","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3863","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-3863","qid":"199651","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6285-1)"},{"cve":"CVE-2023-3863","qid":"199764","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6385-1)"},{"cve":"CVE-2023-3863","qid":"199765","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6388-1)"},{"cve":"CVE-2023-3863","qid":"199783","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6396-1)"},{"cve":"CVE-2023-3863","qid":"199804","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6417-1)"},{"cve":"CVE-2023-3863","qid":"199809","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6416-1)"},{"cve":"CVE-2023-3863","qid":"199812","title":"Ubuntu Security Notification for Linux kernel (KVM) Vulnerabilities (USN-6396-2)"},{"cve":"CVE-2023-3863","qid":"199814","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6416-2)"},{"cve":"CVE-2023-3863","qid":"199834","title":"Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6396-3)"},{"cve":"CVE-2023-3863","qid":"199840","title":"Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-6416-3)"},{"cve":"CVE-2023-3863","qid":"199844","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-1)"},{"cve":"CVE-2023-3863","qid":"199858","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6445-2)"},{"cve":"CVE-2023-3863","qid":"199879","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6464-1)"},{"cve":"CVE-2023-3863","qid":"199883","title":"Ubuntu Security Notification for Linux kernel (NVIDIA) Vulnerabilities (USN-6466-1)"},{"cve":"CVE-2023-3863","qid":"199957","title":"Ubuntu Security Notification for Linux kernel (StarFive) Vulnerabilities (USN-6520-1)"},{"cve":"CVE-2023-3863","qid":"296105","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 63.157.1 Missing (CPUOCT2023)"},{"cve":"CVE-2023-3863","qid":"379043","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)"},{"cve":"CVE-2023-3863","qid":"6000212","title":"Debian Security Update for linux (DSA 5480-1)"},{"cve":"CVE-2023-3863","qid":"6000220","title":"Debian Security Update for linux (DSA 5492-1)"},{"cve":"CVE-2023-3863","qid":"6000265","title":"Debian Security Update for linux-5.10 (DLA 3623-1)"},{"cve":"CVE-2023-3863","qid":"673449","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2898)"},{"cve":"CVE-2023-3863","qid":"673970","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2879)"},{"cve":"CVE-2023-3863","qid":"754832","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3600-1)"},{"cve":"CVE-2023-3863","qid":"754833","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3599-1)"},{"cve":"CVE-2023-3863","qid":"754855","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3656-1)"},{"cve":"CVE-2023-3863","qid":"754863","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3680-1)"},{"cve":"CVE-2023-3863","qid":"754866","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3684-1)"},{"cve":"CVE-2023-3863","qid":"754867","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3683-1)"},{"cve":"CVE-2023-3863","qid":"754868","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3682-1)"},{"cve":"CVE-2023-3863","qid":"754869","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3681-1)"},{"cve":"CVE-2023-3863","qid":"754876","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3687-1)"},{"cve":"CVE-2023-3863","qid":"754883","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3705-1)"},{"cve":"CVE-2023-3863","qid":"754884","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3704-1)"},{"cve":"CVE-2023-3863","qid":"754899","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3599-2)"},{"cve":"CVE-2023-3863","qid":"754900","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3600-2)"},{"cve":"CVE-2023-3863","qid":"754901","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3704-2)"},{"cve":"CVE-2023-3863","qid":"754903","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3683-2)"},{"cve":"CVE-2023-3863","qid":"755026","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3964-1)"},{"cve":"CVE-2023-3863","qid":"755037","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3971-1)"},{"cve":"CVE-2023-3863","qid":"755038","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3969-1)"},{"cve":"CVE-2023-3863","qid":"755043","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3988-1)"},{"cve":"CVE-2023-3863","qid":"907120","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27741-1)"},{"cve":"CVE-2023-3863","qid":"907190","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27766-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3863","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Use After Free","cweId":"CWE-416"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"6.5-rc1","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-3863","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-3863"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2225126","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2225126"},{"url":"https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10","refsource":"MISC","name":"https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10"},{"url":"https://www.debian.org/security/2023/dsa-5480","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5480"},{"url":"https://www.debian.org/security/2023/dsa-5492","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5492"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}]},"work_around":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-07-24 15:15:00","lastModifiedDate":"2024-02-02 14:15:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.5,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}