CVE-2023-35823

low-risk
Published 2023-06-18

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (2)

Affected Vendors

Debian Linux

References (14)

Release Notes https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30...
Mailing List https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/
https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t/
Third Party Advisory https://security.netapp.com/advisory/ntap-20230803-0002/
Release Notes https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30...
Mailing List https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/
https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t/
Third Party Advisory https://security.netapp.com/advisory/ntap-20230803-0002/
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low