A flaw was found in the MCTP protocol in the Linux kernel...
Moderate severity
Unreviewed
Published
Jun 28, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jun 28, 2023
Published to the GitHub Advisory Database
Jun 28, 2023
Last updated
Apr 4, 2024
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.
References