{"id":"CVE-2023-1838","details":"A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.","modified":"2026-03-13T06:51:39.174695Z","published":"2023-04-05T19:15:07.793Z","related":["ALSA-2024:0897","SUSE-SU-2023:1895-1","SUSE-SU-2023:1897-1","SUSE-SU-2023:1992-1","SUSE-SU-2023:2146-1","SUSE-SU-2023:2147-1","SUSE-SU-2023:2148-1","SUSE-SU-2023:2646-1","SUSE-SU-2023:2809-1","SUSE-SU-2023:2871-1"],"references":[{"type":"ADVISORY","url":"https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230517-0003/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1838.json","unresolved_ranges":[{"events":[{"introduced":"4.13"},{"fixed":"4.14.317"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.245"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.196"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.118"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.42"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.17.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}