CVE-2023-1855

Public on 2023-04-05

Modified on 2024-04-25

Description

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.

Severity

Medium

See what this means

CVSS v3 Base Score

6.4

See breakdown

Affected Packages

Platform	Package	Status
Amazon Linux 1	kernel	Not Affected
Amazon Linux 2 - Core	kernel	Not Affected
Amazon Linux 2 - Kernel-5.10 Extra	kernel	Not Affected
Amazon Linux 2 - Kernel-5.15 Extra	kernel	Not Affected
Amazon Linux 2 - Kernel-5.4 Extra	kernel	Not Affected
Amazon Linux 2023	kernel	Not Affected

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.4	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD	CVSSv3	6.3	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2023-1855 Mitre: CVE-2023-1855