CVE-2023-5178
Published: 01 November 2023
Summary
CVE-2023-5178 is a high-severity use-after-free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 7.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
A use-after-free vulnerability exists in the NVMe over TCP target code of the Linux kernel, specifically in the nvmet_tcp_free_crypto function in drivers/nvme/target/tcp.c. The flaw stems from a logic error in that path that can trigger both a use-after-free and a double free in the memory handling for NVMe/TCP targets. Note that this is the target side (the nvmet_tcp module, which exports NVMe namespaces to remote initiators); the NVMe/TCP host driver in drivers/nvme/host/tcp.c is separate code and is not what the advisory describes.
An attacker with network access to the target service and low privileges can exploit the issue to achieve remote code execution or local privilege escalation on affected systems. The CVSS 3.1 score of 8.8 corresponds to the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Multiple Red Hat Security Advisories (RHSA-2023:7370, RHSA-2023:7379, RHSA-2023:7418, RHSA-2023:7548, and RHSA-2023:7549) address the flaw through kernel updates that resolve the memory-management error in the NVMe/TCP target code.
The associated EPSS score has remained in the 0.08–0.09 range with no pronounced increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-57515
Vulnerability details
A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The use-after-free in the Linux kernel's NVMe/TCP target code maps to Exploitation for Privilege Escalation (T1068) and Exploitation of Remote Services (T1210): the flaw is triggered over the network against an exposed NVMe target service and can yield remote code execution or local privilege escalation.
Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that aim for arbitrary kernel code execution are made harder by non-executable memory (NX/XD) and kernel address-space layout randomisation (KASLR), and on x86 by SMEP/SMAP, which stop the kernel from executing or dereferencing user-space pages. These raise the cost of exploitation but do not remove the flaw. The effective controls are the vendor kernel updates listed in the Red Hat advisories above and, until they are applied, not exposing an NVMe/TCP target at all: leave the nvmet_tcp module unloaded on hosts that do not serve NVMe over fabrics, and restrict the listening port of hosts that do to the storage network.
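The following script, added here as an example and not part of the advisory or the kernel project, checks whether a host actually exposes the vulnerable component: the NVMe/TCP target. It reads the module list from /proc/modules and the target configuration from the nvmet configfs tree (/sys/kernel/config/nvmet/ports/<id>/addr_trtype, addr_traddr and addr_trsvcid), which are the real kernel interfaces; both locations are passed as parameters so the logic can be run against constructed fixtures. The status strings (not-loaded, loaded-no-tcp-port, exposed) are the script's own naming.

```shell
#!/bin/sh
# Added example: does this host expose an NVMe/TCP target (nvmet_tcp)?
# Paths are the kernel's real /proc/modules and nvmet configfs layout;
# they are parameters so the functions can be tested on fixture files.

# nvmet_tcp_loaded MODULES_FILE
#   returns 0 if nvmet_tcp appears in the module list
nvmet_tcp_loaded() {
    # /proc/modules lines start with "<name> <size> ..."
    grep -q '^nvmet_tcp ' "$1" 2>/dev/null
}

# nvmet_tcp_ports CONFIGFS_NVMET_DIR
#   prints "traddr:trsvcid" for every nvmet port whose transport is tcp;
#   returns 0 if at least one such port exists, 1 otherwise
nvmet_tcp_ports() {
    found=1
    for port in "$1"/ports/*/; do
        # an unmatched glob leaves the literal pattern; skip it
        [ -f "$port/addr_trtype" ] || continue
        if [ "$(cat "$port/addr_trtype")" = "tcp" ]; then
            printf '%s:%s\n' "$(cat "$port/addr_traddr")" \
                             "$(cat "$port/addr_trsvcid")"
            found=0
        fi
    done
    return $found
}

# exposure_status MODULES_FILE CONFIGFS_NVMET_DIR
#   prints one of: not-loaded | loaded-no-tcp-port | exposed
exposure_status() {
    if ! nvmet_tcp_loaded "$1"; then
        echo not-loaded            # vulnerable code is not even in memory
    elif nvmet_tcp_ports "$2" >/dev/null; then
        echo exposed               # a TCP port is configured for nvmet
    else
        echo loaded-no-tcp-port    # module present, no TCP transport port
    fi
}

# Stand-alone use against the live system (reading configfs needs root):
#   sh nvmet_tcp_exposure.sh --live
if [ "${1:-}" = "--live" ]; then
    exposure_status /proc/modules /sys/kernel/config/nvmet
    nvmet_tcp_ports /sys/kernel/config/nvmet || true
fi
```

A result of exposed means the host is reachable through the code path the CVE describes and the listed traddr:trsvcid pairs are the network surface to firewall until the patched kernel is installed; not-loaded means the flaw cannot be triggered on that host regardless of the kernel version, though the update should still be applied so a later `modprobe nvmet_tcp` does not reintroduce it.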