UBUNTU-CVE-2023-3439

Advisory lineage Upstream: 1 Downstream: 2
Upstream
CVE-2023-3439
Published: 28 Jun 2023, 21:15
Last modified:03 Jun 2026, 13:36

Vulnerability Summary

Overall Risk (default)
low
19/100
CVSS Score
4.7 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

28 Jun 2023, 21:15
Published
Vulnerability first disclosed
03 Jun 2026, 13:36
Last Modified
Vulnerability information updated

Description

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.

CVSS Metrics

  • v3.1MEDIUMScore: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • ubuntulinux

    < 5.15.0-78.85

  • ubuntulinux-aws

    < 5.15.0-1040.45

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.11

    all

  • ubuntulinux-aws-5.13

    all

  • ubuntulinux-aws-5.15

    < 5.15.0-1040.45~20.04.1

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-aws-5.8

    all

  • ubuntulinux-azure

    all | < 5.15.0-1042.49

  • ubuntulinux-azure-5.11

    all

  • ubuntulinux-azure-5.13

    all

  • ubuntulinux-azure-5.15

    < 5.15.0-1042.49~20.04.1

  • ubuntulinux-azure-5.19

    all

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-5.8

    all

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fde

    < 5.15.0-1042.49.1

  • ubuntulinux-azure-fde-5.19

    all

  • ubuntulinux-bluefield

    < 5.15.0-1021.23 | < 5.15.0-1021.23 | all

  • ubuntulinux-fips

    all

  • ubuntulinux-gcp

    all | < 5.15.0-1038.46

  • ubuntulinux-gcp-5.11

    all

  • ubuntulinux-gcp-5.13

    all

  • ubuntulinux-gcp-5.15

    < 5.15.0-1038.46~20.04.1

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-5.8

    all

  • ubuntulinux-gke

    < 5.15.0-1038.43

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-gke-5.15

    < 5.15.0-1038.43~20.04.1

  • ubuntulinux-gke-5.4

    all

  • ubuntulinux-gkeop

    < 5.15.0-1024.29

  • ubuntulinux-gkeop-5.15

    < 5.15.0-1024.29~20.04.1

  • ubuntulinux-gkeop-5.4

    all

  • ubuntulinux-hwe

    all

  • ubuntulinux-hwe-5.11

    all

  • ubuntulinux-hwe-5.13

    all

  • ubuntulinux-hwe-5.15

    < 5.15.0-78.85~20.04.1

  • ubuntulinux-hwe-5.8

    all

  • ubuntulinux-hwe-edge

    all

  • ubuntulinux-ibm

    < 5.15.0-1034.37

  • ubuntulinux-intel-5.13

    all

  • ubuntulinux-intel-iot-realtime

    < 5.15.0-1035.37 | < 5.15.0-1035.37

  • ubuntulinux-intel-iotg

    < 5.15.0-1036.41

  • ubuntulinux-intel-iotg-5.15

    < 5.15.0-1036.41~20.04.1

  • ubuntulinux-kvm

    < 5.15.0-1038.43

  • ubuntulinux-lowlatency

    < 5.15.0-78.85

  • ubuntulinux-lowlatency-hwe-5.15

    < 5.15.0-78.85~20.04.1

  • ubuntulinux-nvidia

    all | < 5.15.0-1029.29

  • ubuntulinux-nvidia-tegra

    < 5.15.0-1016.16

  • ubuntulinux-nvidia-tegra-5.15

    < 5.15.0-1016.16~20.04.1

Showing first 50 affected entries in server-rendered view.

References (7)