CVE-2023-4387
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Aug 16, 2023
Updated: Jan 12, 2024
CWE ID 416
Summary
CVE-2023-4387 is a use-after-free vulnerability in the vmxnet3_rq_alloc_rx_buf function of VMware's vmxnet3 ethernet NIC driver in the Linux kernel (drivers/net/vmxnet3/vmxnet3_drv.c). The issue arises from a double-free condition during vmxnet3_rq_cleanup_all, which a local attacker can exploit to cause a system crash. The vulnerability might also lead to a kernel information leak, allowing the attacker to gain unauthorized access to sensitive data.