A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| linux | linux_kernel | 5.0 - 5.4.260 | - |
| linux | linux_kernel | 5.5 - 5.10.199 | - |
| linux | linux_kernel | 5.11 - 5.15.137 |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
10
Affected Products
50
References
linux / linux_kernel
| - |
| linux | linux_kernel | 5.16 - 6.1.60 | - |
| linux | linux_kernel | 6.2 - 6.5.9 | - |
| redhat | enterprise_linux | - | - |
| redhat | enterprise_linux | - | - |
| netapp | active_iq_unified_manager | - | - |
| netapp | solidfire_\&_hci_management_node | - | - |
| netapp | solidfire_\&_hci_storage_node | - | - |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact