Use After Free Affecting kernel-tools-devel package, versions <0:4.14.309-231.529.amzn2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNELTOOLSDEVEL-5496363
- published 4 May 2023
- disclosed 19 Apr 2023
Introduced: 19 Apr 2023
CVE-2023-2162 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2
kernel-tools-devel
to version 0:4.14.309-231.529.amzn2 or higher.
This issue was patched in ALAS2-2023-1987
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-tools-devel
package and not the kernel-tools-devel
package as distributed by Amazon-Linux
.
See How to fix?
for Amazon-Linux:2
relevant fixed versions and status.
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.