Use-after-free vulnerability in AF_NETROM socket in Linux kernel

Use-after-free vulnerability in AF_NETROM socket in Linux kernel

CVE-2023-32269 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.