CVE-2023-52846
hsr: Prevent use after free in prp_create_tagged_frame()
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
21 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
hsr: Prevent use after free in prp_create_tagged_frame()
The prp_fill_rct() function can fail. In that situation, it frees the
skb and returns NULL. Meanwhile on the success path, it returns the
original skb. So it's straight forward to fix bug by using the returned
value.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401dbhttps://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0dhttps://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827dahttps://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd